[Dshield] New probe?
fixer at gci.net
Sun Mar 16 19:12:23 GMT 2003
>From the looks of it, that matches the pattern of a tool called
FXScanner. FXScanner uses port 57, which generally isn't used for
anything to determine it there's a firewall in place (the theory being
that if there's a firewall there, port 57 will be blocked). More infor
on FXScanner can be found here:
From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
Sent: Saturday, March 15, 2003 10:24 AM
To: list at dshield.org
Subject: [Dshield] New probe?
We have noticed what appears to be a new probe pattern. The intruder
hits first port 80 (http), then 57 (what exactly is 57?), then 21 (ftp),
in that order, and there is about 3 seconds between each probe.
Any idea what this probe is and what it is trying to accomplish?
Jon R. Kibler
Charleston, SC USA
More information about the list