Security Incidents: Re: Lion Worm/crew.tgz

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Lion Worm/crew.tgz

From: Chris Keladis <Chris.Keladis () CMC CWO NET AU>
Date: Tue, 27 Mar 2001 10:14:38 -0500

Funnily enough SubSeven usually sits on that port.

Perhaps this is some form of SubSeven server/client/honeypot under the
guise of the asp protocol?



Regards,

Chris.

At 04:30 PM 3/26/01 -0500, John Jasen wrote:

On Mon, 26 Mar 2001, Cooper wrote:

> > asp stream tcp nowait root /sbin/asp
>
> What is asp?

asp             27374/tcp                       # Address Search Protocol
asp             27374/udp                       # Address Search Protocol

beyond that, I have no friggin clue.

--
-- John E. Jasen (jjasen1 () umbc edu)
-- In theory, theory and practise are the same. In practise, they aren't.

By Date By Thread

Current thread:

Re: Lion Worm/crew.tgz, (continued)
- Re: Lion Worm/crew.tgz John Jasen (Mar 26)
  - Re: Lion Worm/crew.tgz Cooper (Mar 26)
    - Re: Lion Worm/crew.tgz John Jasen (Mar 26)
    - Re: Lion Worm/crew.tgz Daniel Martin (Mar 26)
    - Re: Lion Worm/crew.tgz Cooper (Mar 26)
    - Message not available
    - Re: Lion Worm/crew.tgz Chris Keladis (Mar 26)
- Re: Lion Worm/crew.tgz Roberto (Mar 24)
  - Lion Worm/crew.tgz/suspect bind versions Lawrence Frewin of Accommodation.com (Mar 24)
    - Re: Lion Worm/crew.tgz/suspect bind versions Valdis Kletnieks (Mar 26)
    - Re: Lion Worm/crew.tgz/suspect bind versions Lucian Hudin (Mar 27)
    - Re: Lion Worm/crew.tgz/suspect bind versions Valdis Kletnieks (Mar 27)