[Dshield] 4899

Bruno Friedmann brunofr at ioda.net
Sun Apr 25 14:19:19 GMT 2004


>>Subject: Re: [Dshield] 4899
>>    
>>
>
>  
>
>>Over the past 30 days, I have been hot on this port every day.  The top
>>number of probes has been > 11,000, 28 of the other days have been
>>between 1,000 and 10,000 probes.  Right now, it is number 7 on the "top
>>trends" list (just above 3127 - MyDoom.)  The details can be seen at
>>http://216.39.204.25/cgi-bin/tarpit/paged_report.plx?trends.
>>    
>>
>
>Funny, I noticed this today too. I found a few links for it, but nothing
>too note-worthy. I took a look at the last most recent connection attempt
>to that port, and it ended up being a Windows 2k server. It looked well
>maintained, not the un-firewalled worm-pot I've come to expect.
>
>
>  
>
This port is the default port for RADMIN from framatech.com a remote
admin control tools for Win OS.

Many hits here too ( CH ) ... But  not really a surprise ( it was always
been hit ).
Kiddies searching web control for leak secured server ???

-- 
Bruno Friedmann

Ioda-Net Sàrl
rue Roger-Schaffter 15 - 2830 Vellerat - Switzerland
Tél : ++41 32 435 7171 - Fax : ++41 32 435 7172
www.ioda-net.ch - www.cfcel.com




More information about the list mailing list