Ian
Stole All the Forum Stars
Good things come to those who wait ...
Posts: 2913
|
 |
Lots of port activity... anyone else see these?
« on: Jan 7th, 2004, 8:51pm » |
 Quote  Modify
|
Okay, here's the latest 'craze'...
Machines infect with RAT are hitting my IP right now, from all over the place (Belgium and Germany mostly, but also UK and Italy)
Something new - there seems to be an exploit (won't call it more than that for the moment) that uses TCP 1711 (registered service=pptconference: info at http://isc.incidents.org/port_details.html?port=1711), mostly from sources in the Netherlands and Hungary (one in each country is quite persistent, at 12 in the last 5 mins). This maybe akin to the P2P exploits used by many malware writers, but specifically targetted at businesses and SOHO users. There's a UDP service on this port as well, but I'm only seeing TCP for now, indicating endpoint-to-endpoint connection; just the sort of thing malware needs to spread.
There's also something banging away on TCP 20237, from domain 'flanagan.ugr.es', that I can't ID yet...
Anyone else seeing these?
|
Mischel Internet Security Forum
Reply
Notify of replies
Send Topic
Print
Author
IP Logged
Search
Members
Login
Register