Security Incidents mailing list archives
Re: mystery SF scan tool = Idlescan correlation
From: Joe Stewart <jstewart () LURHQ COM>
Date: Mon, 20 Nov 2000 11:00:04 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon Nov 13 2000 - 16:58:06 CST, teri.k.bidwell () XO COM wrote:
For a year or so the scan tool has been unidentified and referred to by one Bugtaq poster as "mystery tool number 11". At least, I couldn't find any correlations that identified it anywhere on the web.
I have positively identified "mystery tool number 11" as Synscan by psychoid: http://www.psychoid.lam3rz.de/synscan.html At the end of any scan, it's also designed to send a SYN-FIN to www.microsoft.de on port 31337, so if you guys at MS Germany are wondering why you are getting thousands of B.O. scans a day, that's why :) - -Joe - -- Joe Stewart Information Security Analyst LURHQ Corporation ==========================> jstewart () lurhq com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6GUqJkbW2pYIjPYgRAsmfAJ9GtYueMoYkIS+0um8KBG3suLi9SQCghAJB ksDnAavj3iAhtwoEKFkNRs8= =eYt6 -----END PGP SIGNATURE-----
Current thread:
- mystery SF scan tool = Idlescan correlation Bidwell, Teri K (Nov 14)
- Re: mystery SF scan tool = Idlescan correlation Stephen P. Berry (Nov 17)
- Re: mystery SF scan tool = Idlescan correlation George Bakos (Nov 24)
- Re: mystery SF scan tool = Idlescan correlation LiquidK (Nov 18)
- <Possible follow-ups>
- Re: mystery SF scan tool = Idlescan correlation Joe Stewart (Nov 21)
- Re: mystery SF scan tool = Idlescan correlation Stephen P. Berry (Nov 17)