Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: [Unusual Network_scan[tcp-6267]]
From: Patrick Benson <benson () chello se>
Date: Thu, 31 Jan 2002 23:40:04 +0100
Russell Fulton wrote:


Anyone have any idea what this might be looking for?  I ususally assume
that scans on odd port numbers are just looking for hosts compromised in
previous sweeps but 6267 is a bit too close to 6112 and I want to be
sure that it isn't another rpc service I don't know about.  I have
searched the snort port database and google but found nothing relevant.

Cheers, Russell.


Maybe it's looking for this:

http://www.megasecurity.org/trojans/guangwaigirl/Guangwaigirl1.0a.html


-- 
Patrick Benson
Stockholm, Sweden

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
  • Re: [Unusual Network_scan[tcp-6267]] Patrick Benson (Feb 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]