[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IDS: Scanning on tcp port 27374

To: "Benninghoff, John" <JaBenninghoff@DainRauscher.com>
Subject: Re: IDS: Scanning on tcp port 27374
From: Gary Flynn <flynngn@jmu.edu>
Date: Thu, 27 Apr 2000 09:58:43 -0400
Cc: ids@uow.edu.au

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------
"Benninghoff, John" wrote:
>  
> I am currently working with Network ID using SHADOW, and I have seen several
> sequential and semi-sequential scans on tcp port 27374. I have not been able
> to figure out what exploit or service these scans are looking for, and I was
> wondering if anyone knew what service runs on this port, or is it simply an
> arbitrary port used by a scanning tool ? 

SubSeven 2.1 Windows Remote Control Trojan uses that port

> Also, has anyone else come across these types of scans ?

Oh, yeah. :)

http://www.jmu.edu/info-security/engineering/issues/remote.htm

Prev by Date: IDS: Scanning on tcp port 27374
Next by Date: Re: IDS: Scanning on tcp port 27374
Prev by thread: IDS: Scanning on tcp port 27374
Next by thread: Re: IDS: Scanning on tcp port 27374
Index(es):
- Date
- Thread