-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Samba Web Administration Tool (SWAT) listens on this port. It seems that scans for this port have increased, based on some of these reports. Check your samba SWAT configs, iptables and perimeter FW rules. Anyone know anything about a new exploit? On Tue, 03 Jun 2003 04:18:25 -0700 morning_wood <se_cur_ityat_private> wrote: >Depends if its a Win box or *nix. If it was win I would suggest it >is a scan >for the trojan "Net-Devil" . If it is a *nix box there is a remote >admin on >many installs at that port. > >morning_wood >http://exploitlabs.com > >----- Original Message ----- >From: "David Kennedy CISSP" <david.kennedyat_private> >To: <incidentsat_private> >Sent: Monday, June 02, 2003 12:35 AM >Subject: Hmm....901 > > >> I hate a mystery. Saw several 901's in my reports. >> >> >http://isc.incidents.org/port_details.html?port=901&repax=1&tarax=2&srcax=2& >> percent=N&days=70&Redraw=Submit+Query >> >> Date Sources Targets Records >> 2003-06-02 97 13168 31506 >> 2003-06-01 482 51263 77878 >> 2003-05-31 149 41068 43239 >> 2003-05-30 135 36259 71512 >> 2003-05-29 31 32336 32403 >> 2003-05-28 22 61853 102004 >> 2003-05-27 39 317 405 >> 2003-05-26 67 230 501 >> 2003-05-25 62 361 665 >> 2003-05-24 39 152 541 >> >> >> 2003-04-19 11 35419 57290 >> >> >> >> -- >> Regards, >> /"\ >> David Kennedy CISSP \ / ASCII Ribbon Campaign >> Protect what you connect; X Against HTML Mail >> Look both ways before crossing the Net. / \ >> >> >> -------------------------------------------------------------- >------------ >-- >> -------------------------------------------------------------- >------------ >-- >> >> > >---------------------------------------------------------------- >------------ >---------------------------------------------------------------- >------------ > > > Curt R. Wilson Netw3 Security www.netw3.com -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj7c7x4ACgkQRnf2MGkR9yvL0QCaAzlbfmog0y0C0SeLYN9XfTtz1bkA n0BBaASwGILjas9RQcDiNmXSrdd5 =OOrL -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jun 03 2003 - 15:19:13 PDT