Intrusion Detection Systems mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Scanning on tcp port 27374

From: flynngn () jmu edu (Gary Flynn)
Date: Thu, 27 Apr 2000 09:58:43 -0400

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
"Benninghoff, John" wrote:

 
I am currently working with Network ID using SHADOW, and I have seen several
sequential and semi-sequential scans on tcp port 27374. I have not been able
to figure out what exploit or service these scans are looking for, and I was
wondering if anyone knew what service runs on this port, or is it simply an
arbitrary port used by a scanning tool ? 


SubSeven 2.1 Windows Remote Control Trojan uses that port


Also, has anyone else come across these types of scans ?


Oh, yeah. :)

http://www.jmu.edu/info-security/engineering/issues/remote.htm
Previous By Date Next
Previous By Thread Next

Current thread: