List: incidents
Subject: Re: Re : Large scale scan of port 2401
From: axess <axess () alldas ! de>
Date: 2001-08-24 21:03:15
On Fri, 24 Aug 2001, Sevo Stille wrote:
Mr. Sevo
From my experience watching defaced AIX systems all day long and
seeing what port they have open, I draw this conclusion.
This has not been added to public notice or I would not have gone into
this discussion at all. There is no flaw in it.
Just a way to determine an operating system.
We are talking about script kiddies that want * to deface.
I also refer to our database. 99% of all defaced AIX has this port open.
Since this has been a long discussion about this I want to point out
once again. No flaw / determine OS and after that exploit the AIX.
> axess wrote:
>
> > 2401/tcp cvspserver
> >
> > This port is used by AIX
>
>
> I'd be surprised if it were - it would make anon-cvs rather awkward to
> run on AIX, and that probably would have made it into public knowledge.
> This is the default port for CVS servers, anon included. And the number
> of the latter alone will probably outnumber the count of open AIX
> systems on the net by a magnitude or more...
>
> I'd expect 2401 scans to look for CVS rather than AIX. Have any new CVS
> exploits cropped up? Of course, people might just be looking for open
> accounts or public access to private archives...
>
> Sevo
>
>
--
Mikael Olsson
axess - axess@alldas.de
system administrator
IT-Security Information Network
http://www.alldas.de
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com