Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: [[INCIDENTS] TCP 27374 from network 24?]

Re: [[INCIDENTS] TCP 27374 from network 24?]

From: anti hack <antihackrz_at_NETSCAPE.NET>
Date: Tue, 3 Oct 2000 04:33:07 EDT

Glenn Forbes Fleming Larratt <glratt_at_IO.COM> wrote:
> We have experienced 13 different nodes in various different netlbk's
> in network 24(.0.0.0/8) since this past Tuesday. Are others seeing
> this pattern? Is there a spoofer or a rampant spread of some Trojan
> in the various cable providers et.al. on that network?

27374 is the default port for the sub7 trojan, which is likely the most common
windows backdoor RAT. Thousands of victims and as many or more wannabe
trojaners scanning for those infected. It seems they prefer the bandwidth and
24/7 connections cable provides.

____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail
Received on Oct 03 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos