Security Incidents: Re: increase of scans against port 1524

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: increase of scans against port 1524

From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 7 Jun 2002 12:36:15 -0400 (EDT)

ingreslock   1524/tcp    ingres
ingreslock   1524/udp    ingres


For some reason, the script kiddie community has standardized on this
port as a backdoor for most automated attacks...  Though the
vulnerabilities and tools are constantly changing, we have repeatedly
seen the use of 1524 as the backdoor.


This is probably because new shellcode for buffer overflows is still
difficult to write, so many exploit writers (and subsequently script
kiddies) "cut and paste" the same shellcode over and over again.

- Steve

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

RE: increase of scans against port 1524, (continued)
- RE: increase of scans against port 1524 Antonio Montes (Jun 05)
- Re: increase of scans against port 1524 gminick (Jun 05)
- Re: increase of scans against port 1524 gminick (Jun 05)
- Re: increase of scans against port 1524 Lance Spitzner (Jun 05)
- RE: increase of scans against port 1524 Foster, Belinda (Jun 05)
- Re: increase of scans against port 1524 Steven M. Christey (Jun 07)