Home page logo
/

basics logo Security Basics mailing list archives

RE: Strange Connection Attempts
From: "Tim Heagarty" <tim () heagarty com>
Date: Mon, 17 Feb 2003 10:57:12 -0700

Port 17300 is apparently the backdoor of Kuang2. I've gotten a few hits of
it myself on a little ol' dialup line.

Tim Heagarty MCSE, MCP+I
"There are only 10 kinds of people in the world, those that understand
binary, and those that don't."
Work: (928) 636-0489
Cell: (928) 533-9690

-----Original Message-----
From: Keith T. Morgan [mailto:keith.morgan () terradon com]
Sent: Friday, February 14, 2003 11:23 PM
To: Hankes, Christopher A
Cc: security-basics () securityfocus com
Subject: RE: Strange Connection Attempts


Yeah.  We've seen these as well.  Ours came packed with a portscan for port
23, 67 (TCP) 1756, tcp 6112, and tcp 9001.  We've also seen a marked
increase in scans for tcp port 3389 (ms terminal services).  Additionally,
we've seen some odd scans for tcp 17300.

I haven't taken the time yet to see what runs on 17300 tcp.

-----Original Message-----
From: Hankes, Christopher A [mailto:Christopher.A.Hankes () uwsp edu]
Sent: Friday, February 14, 2003 1:05 PM
Cc: security-basics () securityfocus com
Subject: Strange Connection Attempts


As of about 2:00 am cst 2/14/03 I have been receiving connection
attempts on my router to port 1756(caplast-lmd). Has any one seen this
too? Are there any know vulnerabilities on that port? I have been
getting a connection attempt about every 10-15 seconds. It's
almost like
a DoS attack. Anyone have any thoughts.=20

Thanks

Christopher Hankes

CIS major

University of Wisconsin -Stevens Point






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]