brunofr at ioda.net
Sun Apr 25 14:19:19 GMT 2004
>>Subject: Re: [Dshield] 4899
>>Over the past 30 days, I have been hot on this port every day. The top
>>number of probes has been > 11,000, 28 of the other days have been
>>between 1,000 and 10,000 probes. Right now, it is number 7 on the "top
>>trends" list (just above 3127 - MyDoom.) The details can be seen at
>Funny, I noticed this today too. I found a few links for it, but nothing
>too note-worthy. I took a look at the last most recent connection attempt
>to that port, and it ended up being a Windows 2k server. It looked well
>maintained, not the un-firewalled worm-pot I've come to expect.
This port is the default port for RADMIN from framatech.com a remote
admin control tools for Win OS.
Many hits here too ( CH ) ... But not really a surprise ( it was always
been hit ).
Kiddies searching web control for leak secured server ???
rue Roger-Schaffter 15 - 2830 Vellerat - Switzerland
Tél : ++41 32 435 7171 - Fax : ++41 32 435 7172
www.ioda-net.ch - www.cfcel.com
More information about the list