[unisog] Scans on tcp/41523

Erik Fichtner emf at obfuscation.org
Mon Feb 14 17:03:24 GMT 2005


On Mon, Feb 14, 2005 at 09:39:36AM -0600, Keith Schoenefeld wrote:
> I'm not sure what's going on yet, but I've started picking up a
> reasonably large number of scans on port tcp/41523 from off campus.

cybertronic released a zero-day exploit for BrightStor ARCServe backup
that supposedly overflows a service on 41523/tcp.

http://www.k-otik.com/exploits/20050211.brightstor.c.php
and 
http://www.k-otik.com/exploits/20050213.cabrightstor_disco_servicepc.pm.php


If you can funnel some of those connections into a netcat listener or
something and capture packets, the Internet Storm Center handlers would
_love_ some samples.  


-- 
Erik Fichtner; Unix Ronin

"Mathematics is something best shared between consenting adults
in the privacy of their own office" - Adam O'Donnell
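
The capture suggested in the message above, as an added example that is not part of the original post: a passive listener that records what each scanner sends on tcp/41523, one file per connection, named by time, source and SHA-256 prefix. The output directory, byte cap and idle timeout are assumptions chosen for illustration.

```python
import hashlib
import socket
import time
from pathlib import Path

PORT = 41523            # port named in the post
MAX_BYTES = 64 * 1024   # assumed cap per connection
IDLE_SECS = 5.0         # assumed read timeout

def capture_one(srv, outdir):
    """Accept one connection, save the bytes the peer sends, return the file path."""
    conn, (ip, sport) = srv.accept()
    chunks, total = [], 0
    with conn:
        conn.settimeout(IDLE_SECS)
        try:
            while total < MAX_BYTES:
                data = conn.recv(4096)
                if not data:          # peer closed the connection
                    break
                chunks.append(data)
                total += len(data)
        except (socket.timeout, ConnectionError):
            pass                      # keep whatever arrived before the stall/reset
    payload = b"".join(chunks)[:MAX_BYTES]
    digest = hashlib.sha256(payload).hexdigest()
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    path = Path(outdir) / f"{stamp}_{ip}_{sport}_{digest[:16]}.bin"
    path.write_bytes(payload)         # raw bytes only; nothing is parsed or executed
    return path

def listen(port=PORT, outdir="samples", host="0.0.0.0"):
    """Serve forever, writing one sample file per inbound connection."""
    Path(outdir).mkdir(parents=True, exist_ok=True)
    with socket.create_server((host, port)) as srv:
        while True:
            p = capture_one(srv, outdir)
            print(f"saved {p} ({p.stat().st_size} bytes)")

if __name__ == "__main__":
    listen()
```

The listener never replies, so it records only what a client sends unprompted; run it on a host that does not have the real service bound to that port.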