|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: pj
ESEC.DKDate: Thu Apr 05 2001 - 16:29:59 CDT
As many others on the list we have seen a remarkable rise in tcp/515
scans after April 1st. The description of the Adore Worm on SANS mentions
attacks on ftp and RPC as well, but this has not been the case in the
scans we have collected, only scans to the LPRng port came from the
attacking Linux hosts. In some incidents port 3879 was contacted 3
minutes later (this has been described earlier on this list as the
rootshell port used after a succesfull attack), but not the RPC or FTP
ports.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]