[Dshield] Roadrunner

Peter Street peter.street at lazerfx.co.uk
Sun Oct 28 21:57:30 GMT 2001


Just noticed quite a few reports in ZA-Pro's logs from 65.34.72.90:

FWIN,2001/10/28,20:38:22 +0:00
GMT,65.34.72.90:4138,213.105.159.132:6346,TCP (flags:S)

These appear to be targeting lots of different ports, including:
4597, 1979, 1173, 1428, 2978, 3547, 3765, 1044, 1860, 1881, 1136
and quite a few others.  (If it would help, I can put a full list up).

Basically, is there somewhere I can find out what they were trying to
do?  AFAIK it's still happening (I'm running Windows XP Pro RC2 (Build
2525), and I have IIS 5.1 working with my development website on it -
does anyone know of any exploits and patches I need to consider with
this?)

Any help would be much appreciated.

Peter Street
Web Developer / Manager
LazerFX Productions
www.lazerfx.co.uk (Under Construction)






More information about the list mailing list