Re: increase of scans against port 1524

From: GrdnWsl (grdnwslat_private)
Date: Wed Jun 05 2002 - 09:43:07 PDT

Next message: Jean-Luc: "Re: [incident] IIS defacement through FTP, possible DoS"

Previous message: Antonio Stano: "Strange IIS Pattern..."
In reply to: High Speed: "increase of scans against port 1524"
Next in thread: Drew Schaffner: "Re: increase of scans against port 1524"
Next in thread: Michael Katz: "Re: increase of scans against port 1524"
Reply: Drew Schaffner: "Re: increase of scans against port 1524"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

AFAIK, this port is also used for the Trinoo trojan.  I've been seeing
some scans on my on this port in my netblock as well... not too many,
but some.  Although, I haven't really seen an increase per se.  Anyhow,
you might want to check out www.neohapsis.com.  They have, somewhere on
their site (can't remember where exacly) a list of ports and what
viruses/trojans/worms run on them.  They also have a version in
/etc/services format.  It's come in handy to figure out why a particular
port is being scanned.

High Speed wrote:
> Hi,
> 
> last 2 days I noticed an increased scan against port 1524
> 
> ingreslock    1524/tcp    ingres
> ingreslock    1524/udp    ingres
> 
> Are there known issues with this port ?
> Recently found vulnerabilities ?
> 
> thanks
> 
> HS
> 
> 
> _________________________________________________________________
> Send and receive Hotmail on your mobile device: http://mobile.msn.com
> 
> 
> ----------------------------------------------------------------------------
> 
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management and
> tracking system please see: http://aris.securityfocus.com
> 

-- 

Preston Kutzner | IT Manager
Marketing Resources, Inc.

This e-mail (and any attachments) is confidential and may
contain personal views which are not the views of
Marketing Resources, Inc. unless specifically stated.
If you have received it in error, please delete it from
your system, do not use, copy or disclose the information
in any way nor act in reliance on it and notify the sender
immediately. Please note that Marketing Resources, Inc.
monitors e-mails sent or received. Further communication
will signify your consent to this.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Jean-Luc: "Re: [incident] IIS defacement through FTP, possible DoS"
Previous message: Antonio Stano: "Strange IIS Pattern..."
In reply to: High Speed: "increase of scans against port 1524"
Next in thread: Drew Schaffner: "Re: increase of scans against port 1524"
Next in thread: Michael Katz: "Re: increase of scans against port 1524"
Reply: Drew Schaffner: "Re: increase of scans against port 1524"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 05 2002 - 10:12:09 PDT