Re: sub-7

From: Brice Carlson (tuck167at_private)
Date: Mon Nov 12 2001 - 18:42:59 PST

  • Next message: Nathan Einwechter: "Re: sub-7"

    Yes, matter of fact i have and i can tell you why... Recently i was bored. 
    So i decided to delete alot my virus scanner, firewalls, and my IDS. And i 
    also opened up my file and print shares.(running windows95) With in 15 
    minutes I could no longer surf the net. I am running a 28.8(Don't give me 
    this 56ks are cheap talk) So i opened up file/search i had some new 
    *programs* on my computer. It scans for subseven. I also noticed that i had 
    a connection on port 6667 (irc) Ip address 66.26.92.28. But anyways i tried 
    connecting to this server. i did and... There was NO Channels. but like 324 
    users on it... So i'm imagining that is 324 compromised systems(?) I also 
    let the program run a while (sorry guys) to find out if someone would 
    connect over Subseven. no one ever did though, even though i had it on my 
    system. I still have all the programs on this system i just have a firewall 
    not letting them get through. If anyone wanted to look into the programs 
    that i have... I'd be happy to send them the files. Just send me an email. 
    One of them is the program that they use to communicate to the IRC channel 
    and you very well know the other.
    
    Brice Carlson
    
    
    >
    >Anyone notice an increase in port scans to 27374 in the last week? I
    >noticed several, all from different addresses.
    >
    >Leon
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus ARIS analyzer service.
    >For more information on this free incident handling, management
    >and tracking system please see: http://aris.securityfocus.com
    >
    
    
    _________________________________________________________________
    Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 07:21:26 PST