Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Subseven Scans

Re: Subseven Scans

From: Baribault, Gary <gary_at_baribault.net>
Date: Mon, 12 Aug 2002 15:12:30 -0400

Hum .. I just found a bunch of 27374 on one of my SDSL link with a few of
the 12345 scans. This link's firewall is allways way more active. My second
is an ADSL and it's usually quieter, this one has no 12345 but a few 27374.

Gary B

At 11:08 AM 8/12/2002 -0500, Preston Kutzner wrote:
>Hello Rob,
>
>Sunday, August 11, 2002, 8:42:50 AM, you wrote:
>
>RK> Anyone else seeing a huge increase in subseven scans...6708 since about
>RK> 0300Z - across all of my class C's and from quite a few sources
>(running the
>RK> query now to see how many).
>
>RK> Rob
>
>
>RK>
>----------------------------------------------------------------------------
>RK> This list is provided by the SecurityFocus ARIS analyzer service.
>RK> For more information on this free incident handling, management
>RK> and tracking system please see: http://aris.securityfocus.com
>
>I've seen quite a bit of traffic on ports tcp/12345 and tcp/27374.
>According to what I've seen, 27374 is a port used by quite a few
>versions of SubSeven, as for 12345, it's not mentioned that subseven
>runs on that port (that I've seen), but I am seeing attempted
>connections to these ports at the same time (maybe some other vuln
>attempt I'm not aware of? anyone?). Hope that helps.
>
>--
>Preston Kutzner | IT Manager
>Marketing Resources, Inc.
>
>_________________________________________________________________
>The information transmitted is intended only for the person or entity to
>which it is addressed and may contain confidential and/or privileged
>material. Any review, retransmission, dissemination or other use of, or
>taking of any action in reliance upon, this information by persons or
>entities other than the intended recipient is prohibited. If you received
>this in error, please contact the sender and delete the material from any
>computer.
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Aug 12 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos