Security Incidents mailing list archives
Re: Hmm....901
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Tue, 3 Jun 2003 04:18:25 -0700
Depends if its a Win box or *nix. If it was win I would suggest it is a scan for the trojan "Net-Devil" . If it is a *nix box there is a remote admin on many installs at that port. morning_wood http://exploitlabs.com ----- Original Message ----- From: "David Kennedy CISSP" <david.kennedy () acm org> To: <incidents () securityfocus com> Sent: Monday, June 02, 2003 12:35 AM Subject: Hmm....901
I hate a mystery. Saw several 901's in my reports.
http://isc.incidents.org/port_details.html?port=901&repax=1&tarax=2&srcax=2&;
percent=N&days=70&Redraw=Submit+Query
Date Sources Targets Records
2003-06-02 97 13168 31506
2003-06-01 482 51263 77878
2003-05-31 149 41068 43239
2003-05-30 135 36259 71512
2003-05-29 31 32336 32403
2003-05-28 22 61853 102004
2003-05-27 39 317 405
2003-05-26 67 230 501
2003-05-25 62 361 665
2003-05-24 39 152 541
2003-04-19 11 35419 57290
--
Regards,
/"\
David Kennedy CISSP \ / ASCII Ribbon Campaign
Protect what you connect; X Against HTML Mail
Look both ways before crossing the Net. / \
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------
--
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Hmm....901 David Kennedy CISSP (Jun 02)
- Re: Hmm....901 morning_wood (Jun 03)
- Re: Hmm....901 Florin Andrei (Jun 06)
- <Possible follow-ups>
- FW: Hmm....901 Brian Taylor (Jun 03)
- Re: Hmm....901 cvonancken (Jun 03)
- Re: Hmm....901 Curt Wilson (Jun 03)
- Re: Hmm....901 Jason Falciola (Jun 10)