[Dshield] Roadrunner

Johannes B. Ullrich jullrich at euclidian.com
Mon Oct 29 02:59:19 GMT 2001


> Just noticed quite a few reports in ZA-Pro's logs from 65.34.72.90:
> 
> FWIN,2001/10/28,20:38:22 +0:00 GMT,65.34.72.90:4138,213.105.159.132:6346,TCP (flags:S)
> 
> These appear to be targeting lots of different ports, including:
> 4597, 1979, 1173, 1428, 2978, 3547, 3765, 1044, 1860, 1881, 1136
> and quite a few others.  (If it would help, I can put a full list up).
> 

These ports do not ring a bell. Sometimes tools probe for known 
trojan ports and try to take the machines over (e.g. 'Leaves' or 
'Easyspeed').

I don't see any of the known trojan ports in your list. So it may be 
interesting to see a complete scan.



-- 
-------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

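As an added example (not part of the original message or of DShield's tooling), the Python below parses ZoneAlarm-style lines like the one quoted above and tallies source versus destination ports per source address, which separates a sweep across many ports from repeated attempts at a single port. The field order (source first, destination second) is inferred from the single quoted line and is an assumption; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Field layout inferred from the one line quoted in the message (assumption):
# FWIN,date,time offset GMT,src:port,dst:port,proto (flags:X)
ZA_LINE = re.compile(
    r"^FWIN,(?P<date>[\d/]+),(?P<time>[\d:]+) \S+\s+GMT,"
    r"(?P<src>[\d.]+):(?P<sport>\d+),(?P<dst>[\d.]+):(?P<dport>\d+),"
    r"(?P<proto>\w+)(?: \(flags:(?P<flags>\w+)\))?$")

def unwrap(text):
    """Strip '> ' quoting and rejoin records a mail client wrapped."""
    records = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if line.startswith("FW"):
            records.append(line)
        elif line and records and not ZA_LINE.match(records[-1]):
            records[-1] += " " + line   # continuation of a wrapped record
    return records

def summarize(text):
    """Per source IP: hit count, distinct source and destination ports."""
    stats = defaultdict(lambda: {"hits": 0, "sports": set(), "dports": set()})
    for m in filter(None, map(ZA_LINE.match, unwrap(text))):
        entry = stats[m["src"]]
        entry["hits"] += 1
        entry["sports"].add(int(m["sport"]))
        entry["dports"].add(int(m["dport"]))
    return dict(stats)

def classify(entry, sweep_at=3):
    """Tell a sweep across ports from repeated tries at one service."""
    if len(entry["dports"]) >= sweep_at:
        return "multi-port sweep"
    if len(entry["sports"]) > 1:
        return "repeated attempts, changing source port"
    return "single attempt"

# First record: the quoted line from the message; the rest are constructed.
SAMPLE = """\
> FWIN,2001/10/28,20:38:22 +0:00
> GMT,65.34.72.90:4138,213.105.159.132:6346,TCP (flags:S)
FWIN,2001/10/28,20:40:01 +0:00 GMT,198.51.100.7:1044,203.0.113.5:6346,TCP (flags:S)
FWIN,2001/10/28,20:40:09 +0:00 GMT,198.51.100.7:1860,203.0.113.5:6346,TCP (flags:S)
FWIN,2001/10/28,20:41:00 +0:00 GMT,192.0.2.10:3001,203.0.113.5:21,TCP (flags:S)
FWIN,2001/10/28,20:41:00 +0:00 GMT,192.0.2.10:3002,203.0.113.5:23,TCP (flags:S)
FWIN,2001/10/28,20:41:01 +0:00 GMT,192.0.2.10:3003,203.0.113.5:80,TCP (flags:S)
"""
```
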



