[prev in list] [next in list] [prev in thread] [next in thread]
List: incidents
Subject: RE: scans on port 57
From: "Craig, Scott" <SCraig () kmart ! com>
Date: 2002-11-13 16:06:18
[Download RAW message or body]
I'm seeing the same thing. I also noticed one of the Code Red probes came at
the same time as a port57 scan from the same address yesterday.
On 11/1, I reported seeing very large IIS vulnerability probes that also
coincided with a port 57 scan.
One reply I received was that it was probably someone using "FxScanner". See
the following URL for details:
http://cert.uni-stuttgart.de/archive/intrusions/2002/11/msg00015.html
> -----Original Message-----
> From: Ingersoll, Jared [mailto:jared@cswv.com]
> Sent: Tuesday, November 12, 2002 8:01 AM
> To: incidents@securityfocus.com
> Subject: scans on port 57
>
>
> I'm seeing a lot of blocked scans on port 57 in my firewall
> logs, many times in conjunction with a port 80 or port 21
> scan. I was working under the assumption that these were
> related to a misconfigured port scanner, but I'm seeing them
> from a pretty diverse set of source addresses, so now I'm
> curious what they're looking for.
>
> jared
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer
> service. For more information on this free incident handling,
> management
> and tracking system please see: http://aris.securityfocus.com
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic