[unisog] Scans on tcp/41523
wo at andrew.cmu.edu
Mon Feb 14 16:03:40 GMT 2005
41523 is the CA ARCServer Discovery service. There's definitely an exploit
going around for Windows. Patch info is here:
Public exploits are available.
On 2/14/05 10:39 AM, "Keith Schoenefeld" <schoenk at utulsa.edu> wrote:
> I'm not sure what's going on yet, but I've started picking up a
> reasonably large number of scans on port tcp/41523 from off campus. The
> Internet Storm Center at SANS (isc.sans.org) has a cool tool where you
> can look up a port and see if other people are picking up scans on
> specific ports. On Feb. 12th, there were 144 total scans reported to
> isc on port 41523. For today, and total of 46,000 scans had been
> reported (a 31,844% increase if my math is correct). Something is up.
> Anyone know of any new worm that creates a backdoor on tcp/41523?
> -- KS
More information about the unisog