Educause Security Discussion mailing list archives
Re: Am I the only one?
From: Dan Jones <dan.jones () COLORADO EDU>
Date: Wed, 14 Apr 2004 09:40:42 -0600
Agobot/Gaobot/Phatbot variants. We have also seen tcp/5000 in the mix. Jim Pollard wrote:
Or did I miss it on Bugtraq? Recently I've noticed a scan pattern in my logs and wonder if anyone might recognize it as either a known virus or some kiddie scanning tool looking for virus backdoors? There are some variations... occasionally port 80 and 8080 are included. Service: 1025 (tcp/1025) (net2fw:DROP:,eth1,none) - 2 packets (take your pick... either network blackjack or an assortment of viruses and backdoors) Service: 2745 (tcp/2745) (:net2fw:DROP:,eth1,none) - 2 packets (Beagle virus) Service: 3127 (tcp/3127) (:net2fw:DROP:,eth1,none) - 2 packets (MyDoom virus) Service: 6129 (tcp/6129) (net2fw:DROP:,eth1,none) - 3 packets (W32.Mockbot) also Dameware Thanks! Jim ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Am I the only one? Jim Pollard (Apr 14)
- <Possible follow-ups>
- Re: Am I the only one? Mark Wilson (Apr 14)
- Re: Am I the only one? Dan Jones (Apr 14)
- Re: Am I the only one? Helms, Sandra (Apr 14)
- Re: Am I the only one? Jim Pollard (Apr 14)
- Re: Am I the only one? Are Leif Garn}sjordet (Apr 14)
- Re: Am I the only one? Kathy Bergsma (Apr 14)
- Re: Am I the only one? Mark Wilson (Apr 14)
- Re: Am I the only one? Jason Richardson (Apr 14)