[unisog] echo and chargen

Allen Chang allen at rescomp.berkeley.edu
Wed Jan 22 01:34:55 GMT 2003


I would run a Nessus scan on those computers to check for blank passwords.
Or simply call up the students and ask them. We've seen many Windows 2k
computers compromised with all sorts of fun things running on different
ports.

Allen Chang
Network Security Coordinator
Residential Computing

On Tue, 21 Jan 2003, Mary M. Chaddock wrote:

> The machines with the ports open are student's computers located in their
> dorms.  These are machines that did not have these ports open last month.
> There are quite a few of them. My firewall logs show there were several
> incoming connections _from_ port 7 on a udavis.edu computer. However,
> again, that is only one of many. There is a payload, and this does not
> appear to be a DoS.
>
> I'm suspecting P2P is involved somehow.
>
> Thanks,
> -Mary.
>
> Mary M. Chaddock, GSEC, GCUX
> Network Security Administrator
>



More information about the unisog mailing list