[unisog] Odd scan - ports 57 and 80
iglesias at draco.acs.uci.edu
Fri Sep 20 04:05:07 GMT 2002
> We saw a largely unsuccessful (although I just saw a report that a
> user on that subnet has removed a machine they believe was compromised)
> ping/port 57/port 80 scan from 126.96.36.199 on the morning of the 17th down
> one of our class Cs. I'll have to have a closer look for a longer time on the
> host reported possibly compromised and see what happened.
We got one of these scans tonight - it not only probed for ports 80 and
57, it tried the IIS cmd.exe and root.exe (Code Red) exploits. The
scan came from 188.8.131.52, a host at the Univ of Puerto Rico.
Mike Iglesias Internet: iglesias at draco.acs.uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2069
More information about the unisog