Depends if its a Win box or *nix. If it was win I would suggest it is a scan for the trojan "Net-Devil" . If it is a *nix box there is a remote admin on many installs at that port. morning_wood http://exploitlabs.com ----- Original Message ----- From: "David Kennedy CISSP" <david.kennedyat_private> To: <incidentsat_private> Sent: Monday, June 02, 2003 12:35 AM Subject: Hmm....901 > I hate a mystery. Saw several 901's in my reports. > > http://isc.incidents.org/port_details.html?port=901&repax=1&tarax=2&srcax=2& > percent=N&days=70&Redraw=Submit+Query > > Date Sources Targets Records > 2003-06-02 97 13168 31506 > 2003-06-01 482 51263 77878 > 2003-05-31 149 41068 43239 > 2003-05-30 135 36259 71512 > 2003-05-29 31 32336 32403 > 2003-05-28 22 61853 102004 > 2003-05-27 39 317 405 > 2003-05-26 67 230 501 > 2003-05-25 62 361 665 > 2003-05-24 39 152 541 > > > 2003-04-19 11 35419 57290 > > > > -- > Regards, > /"\ > David Kennedy CISSP \ / ASCII Ribbon Campaign > Protect what you connect; X Against HTML Mail > Look both ways before crossing the Net. / \ > > > -------------------------------------------------------------------------- -- > -------------------------------------------------------------------------- -- > > ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jun 03 2003 - 11:23:27 PDT