Re: Port 17300 probes?

From: Kevin Patz (jambo_catat_private)
Date: Mon Apr 14 2003 - 12:12:02 PDT

    In-Reply-To: <Pine.LNX.4.44.0304140133090.29002-100000at_private>
    
    It's a backdoor trojan called "Kuang2 The Virus."  
    Computers infected with the W32.Weird (Kuang2) virus 
    will have this port open to a backdoor trojan dropped 
    by the virus.  I see port 17300 scans on and off, and 
    they've started in again as of 4/13 or so.  I think 
    some script kiddie(s) are using a distributed scan 
    tool to probe for infected boxes to exploit.
    
    >Since January I have logged the following probes of port 17300; is
    >this a known?
    >
    >-------GMT----
    >Jan  4 11:16:20  212.143.36.64:1530 -> 17300
    >Jan  4 12:13:05  212.143.36.64:1744 -> 17300
    >Jan 21 23:37:58  24.95.177.30:4979 -> 17300
    >Jan 26 05:49:46  216.40.195.83:17300 -> 17300
    >Jan 29 16:39:20  12.212.35.44:4861 -> 17300
    >Feb 15 23:02:22  220.88.89.170:3252 -> 17300
    >Feb 15 23:09:08  217.210.222.213:1347 -> 17300
    >Feb 15 23:16:16  211.194.95.150:1062 -> 17300
    >Feb 21 00:29:12  61.77.241.204:4997 -> 17300
    >Feb 21 01:17:22  220.77.194.249:3226 -> 17300
    >Feb 21 09:50:25  61.248.164.86:4385 -> 17300
    >Feb 27 11:03:55  24.77.128.66:1461 -> 17300
    >Mar  1 09:34:03  131.128.137.177:3003 -> 17300
    >Mar 26 13:10:26  209.40.101.170:17300 -> 17300
    >Apr 10 18:23:42  217.121.239.168:4299 -> 17300
    >Apr 13 18:10:14  212.118.6.209:3507 -> 17300
    >Apr 13 20:38:01  209.40.97.21:17300 -> 17300
    >Apr 14 05:19:10  61.238.101.155:2507 -> 17300
    >Apr 14 06:17:51  218.252.139.30:2254 ->  17300
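
A way to triage a probe log in the format quoted above, as an added example that is not part of the original message. It counts distinct sources per destination port and lists sources whose source port equals the probed port, a heuristic added here for spotting tool-generated packets. The sample lines are constructed with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the quoted log's format (documentation IP ranges only).
SAMPLE_LOG = """\
Jan  4 11:16:20  192.0.2.64:1530 -> 17300
Jan  4 12:13:05  192.0.2.64:1744 -> 17300
Jan 26 05:49:46  198.51.100.83:17300 -> 17300
Feb 15 23:02:22  203.0.113.170:3252 -> 17300
Feb 15 23:09:08  203.0.113.213:1347 -> 17300
Apr 13 20:38:01  198.51.100.21:17300 -> 17300
Apr 14 06:17:51  192.0.2.30:2254 ->  17300
not a log line
"""

# Optional leading '>' lets the parser read lines pasted from a quoted reply.
LINE_RE = re.compile(
    r"^>?\s*(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d{1,5})\s*->\s*(?P<dport>\d{1,5})\s*$"
)

def parse_probes(text):
    """Return one dict per well-formed log line; silently skip anything else."""
    probes = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        p = m.groupdict()
        for field in ("day", "sport", "dport"):
            p[field] = int(p[field])
        probes.append(p)
    return probes

def summarize(probes, port=17300):
    """Summarize probes aimed at `port`: volume, spread of sources, odd source ports."""
    hits = [p for p in probes if p["dport"] == port]
    per_source = Counter(p["src"] for p in hits)
    return {
        "probes": len(hits),
        "distinct_sources": len(per_source),  # many one-off sources fits a distributed scan
        "repeat_sources": sorted(s for s, n in per_source.items() if n > 1),
        # Source port equal to the probed port is unusual for an OS-chosen ephemeral port.
        "fixed_sport_sources": sorted({p["src"] for p in hits if p["sport"] == port}),
        "per_day": Counter((p["mon"], p["day"]) for p in hits),
    }

if __name__ == "__main__":
    for key, value in summarize(parse_probes(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```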
    
    



    This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 09:37:42 PDT