[unisog] Odd scan - ports 57 and 80

Mike Iglesias iglesias at draco.acs.uci.edu
Fri Sep 20 04:05:07 GMT 2002


> 	We saw a largely unsuccessful (although I just saw a report that a 
> user on that subnet has removed a machine they believe was compromised) 
> ping/port 57/port 80 scan from 213.64.139.37 on the morning of the 17th down
> one of our class Cs.  I'll have to have a closer look for a longer time on the 
> host reported possibly compromised and see what happened.

We got one of these scans tonight - it not only probed for ports 80 and
57, it tried the IIS cmd.exe and root.exe (Code Red) exploits.  The
scan came from 136.145.174.97, a host at the Univ of Puerto Rico.


Mike Iglesias                          Internet:    iglesias at draco.acs.uci.edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069



More information about the unisog mailing list