Hello Rob, Sunday, August 11, 2002, 8:42:50 AM, you wrote: RK> Anyone else seeing a huge increase in subseven scans...6708 since about RK> 0300Z - across all of my class C's and from quite a few sources (running the RK> query now to see how many). RK> Rob RK> ---------------------------------------------------------------------------- RK> This list is provided by the SecurityFocus ARIS analyzer service. RK> For more information on this free incident handling, management RK> and tracking system please see: http://aris.securityfocus.com I've seen quite a bit of traffic on ports tcp/12345 and tcp/27374. According to what I've seen, 27374 is a port used by quite a few versions of SubSeven, as for 12345, it's not mentioned that subseven runs on that port (that I've seen), but I am seeing attempted connections to these ports at the same time (maybe some other vuln attempt I'm not aware of? anyone?). Hope that helps. -- Preston Kutzner | IT Manager Marketing Resources, Inc. _________________________________________________________________ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 12 2002 - 10:39:55 PDT