[unisog] Scans on tcp/41523

William O'Malley wo at andrew.cmu.edu
Mon Feb 14 16:03:40 GMT 2005


41523 is the CA ARCServer Discovery service.  There's definitely an exploit
going around for Windows.  Patch info is here:
http://supportconnectw.ca.com/public/enews/BrightStor/brigcurrent.asp#news1

Public exploits are available.



On 2/14/05 10:39 AM, "Keith Schoenefeld" <schoenk at utulsa.edu> wrote:

> I'm not sure what's going on yet, but I've started picking up a
> reasonably large number of scans on port tcp/41523 from off campus.  The
> Internet Storm Center at SANS (isc.sans.org) has a cool tool where you
> can look up a port and see if other people are picking up scans on
> specific ports.  On Feb. 12th, there were 144 total scans reported to
> isc on port 41523.  For today, and total of 46,000 scans had been
> reported (a 31,844% increase if my math is correct).  Something is up.
> Anyone know of any new worm that creates a backdoor on tcp/41523?
> 
> -- KS





More information about the unisog mailing list