Re: Hmm....901

From: Curt Wilson (netw3_securityat_private)
Date: Tue Jun 03 2003 - 11:54:37 PDT

Next message: sec_slaveat_private: "Help with an odd log file..."

Previous message: cvonancken: "Re: Hmm....901"
Maybe in reply to: David Kennedy CISSP: "Hmm....901"
Next in thread: Florin Andrei: "Re: Hmm....901"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Samba Web Administration Tool (SWAT) listens on this port. It seems that
scans for this port have increased, based on some of these reports. Check
your samba SWAT configs, iptables and perimeter FW rules. Anyone know
anything about a new exploit?

On Tue, 03 Jun 2003 04:18:25 -0700 morning_wood <se_cur_ityat_private>
wrote:
>Depends if its a Win box or *nix. If it was win I would suggest it
>is a scan
>for the trojan "Net-Devil" . If it is a *nix box there is a remote
>admin on
>many installs at that port.
>
>morning_wood
>http://exploitlabs.com
>
>----- Original Message -----
>From: "David Kennedy CISSP" <david.kennedyat_private>
>To: <incidentsat_private>
>Sent: Monday, June 02, 2003 12:35 AM
>Subject: Hmm....901
>
>
>> I hate a mystery.  Saw several 901's in my reports.
>>
>>
>http://isc.incidents.org/port_details.html?port=901&repax=1&tarax=2&srcax=2&
>> percent=N&days=70&Redraw=Submit+Query
>>
>> Date Sources Targets Records
>> 2003-06-02 97  13168 31506
>> 2003-06-01 482  51263 77878
>> 2003-05-31 149  41068 43239
>> 2003-05-30 135  36259 71512
>> 2003-05-29 31  32336 32403
>> 2003-05-28 22  61853 102004
>> 2003-05-27 39  317 405
>> 2003-05-26 67  230 501
>> 2003-05-25 62  361 665
>> 2003-05-24 39  152 541
>>
>>
>> 2003-04-19 11  35419 57290
>>
>>
>>
>> --
>> Regards,
>>                                           /"\
>> David Kennedy CISSP                       \ / ASCII Ribbon Campaign
>> Protect what you connect;                  X  Against HTML Mail
>> Look both ways before crossing the Net.   / \
>>
>>
>> --------------------------------------------------------------
>------------
>--
>> --------------------------------------------------------------
>------------
>--
>>
>>
>
>----------------------------------------------------------------
>------------
>----------------------------------------------------------------
>------------
>
>
>
Curt R. Wilson
Netw3 Security
www.netw3.com
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj7c7x4ACgkQRnf2MGkR9yvL0QCaAzlbfmog0y0C0SeLYN9XfTtz1bkA
n0BBaASwGILjas9RQcDiNmXSrdd5
=OOrL
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: sec_slaveat_private: "Help with an odd log file..."
Previous message: cvonancken: "Re: Hmm....901"
Maybe in reply to: David Kennedy CISSP: "Hmm....901"
Next in thread: Florin Andrei: "Re: Hmm....901"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 03 2003 - 15:19:13 PDT