RE: [MLUG] new series of attacks

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <EMAIL:PROTECTED>
Subject: RE: [MLUG] new series of attacks
From: "McNutt, Justin M." <EMAIL:PROTECTED>
Date: Tue, 11 Jun 2002 06:26:28 -0500
Reply-to: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED
Thread-index: AcIN8dph0TwwyppQS0SfpYBGplNjlQDSOEZw
Thread-topic: [MLUG] new series of attacks

> I'm getting tons of this in my iplog all of a sudden (some 
> yesterday, much
> more today):
> 
> Jun  6 12:41:10 TCP: port 27374 connection attempt from 
> c-66-56-76-79.atl.client2.attbi.com:3066
> Jun  6 12:41:10 TCP: port 12345 connection attempt from 
> c-66-56-76-79.atl.client2.attbi.com:3067
> 
> Attempts from a site come in pairs like this, usually 
> repeating 3-4 times
> in very rapid succession.  I think those ports are for trojans, but I
> guess someone has written a very lame script that has to make multiple
> attempts.  Or it could be some kind of self-spreading worm thingy.
> 
> Tell me if you know.

These are both trojans.  We block these ports at the MOREnet link at UMC.  IIRC, one is Sub7 and the other is NetBus.

--J

--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

Follow-Ups:
- RE: [MLUG] new series of attacks
  - From: Mike Miller <EMAIL:PROTECTED>

Prev by Date: RE: [MLUG] Netmeeting and firewall
Next by Date: RE: [MLUG] new series of attacks
Previous by thread: [MLUG] new series of attacks
Next by thread: RE: [MLUG] new series of attacks
Index(es):
- Date
- Thread