Hello Rob,
Sunday, August 11, 2002, 8:42:50 AM, you wrote:
RK> Anyone else seeing a huge increase in subseven scans...6708 since about
RK> 0300Z - across all of my class C's and from quite a few sources
(running the
RK> query now to see how many).
RK> Rob
RK>
----------------------------------------------------------------------------
RK> This list is provided by the SecurityFocus ARIS analyzer service.
RK> For more information on this free incident handling, management
RK> and tracking system please see: http://aris.securityfocus.com
I've seen quite a bit of traffic on ports tcp/12345 and tcp/27374.
According to what I've seen, 27374 is a port used by quite a few
versions of SubSeven, as for 12345, it's not mentioned that subseven
runs on that port (that I've seen), but I am seeing attempted
connections to these ports at the same time (maybe some other vuln
attempt I'm not aware of? anyone?). Hope that helps.
--
Preston Kutzner | IT Manager
Marketing Resources, Inc.
_________________________________________________________________
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Intro
