[unisog] Odd scan - ports 57 and 80

Mike Iglesias iglesias at draco.acs.uci.edu
Fri Sep 20 04:05:07 GMT 2002

> 	We saw a largely unsuccessful (although I just saw a report that a 
> user on that subnet has removed a machine they believe was compromised) 
> ping/port 57/port 80 scan from on the morning of the 17th down
> one of our class Cs.  I'll have to have a closer look for a longer time on the 
> host reported possibly compromised and see what happened.

We got one of these scans tonight - it not only probed for ports 80 and
57, it tried the IIS cmd.exe and root.exe (Code Red) exploits.  The
scan came from, a host at the Univ of Puerto Rico.

Mike Iglesias                          Internet:    iglesias at draco.acs.uci.edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069

More information about the unisog mailing list