What's so odd about it? you said it yourself that: 161 for SNMP 79 for finger and 1524 for the reason that many RPC exploits spawn shell on this port, and people use this port for their backdoors too. as far as your doubts about fingerd, there has been exploits for finger daemon. It's just a scan probably using synscan, and he had exploits for fingerd and snmp only, and also trying out his luck to find some left backdoored box on port 1524. It's quiet usual, looks like a newbie cracker scan on you. :) Regards, --------- Muhammad Faisal Rauf Danka Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Promote your group and strengthen ties to your members with emailat_private by Everyone.net http://www.everyone.net/?btn=tag ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 22 2002 - 08:42:35 PDT