Security Incidents mailing list archives
Re: more info on ramen.tgz
From: dor <dor () VIRTUALMYSTIC COM>
Date: Wed, 17 Jan 2001 13:21:01 -0800
Hi, 212.184.80.190 is www.microsoft.de synscan `scans` port 80 of this host, and waits the reply.. recieving the reply is it`s indication to stop scanning... presuming that any syns sent before this, will already have been replied to.. you can verify this in the sourcecode available from http://www.psychoid.lam3rz.de -- Support your government, give Echelon / Carnivore something to parse -- classfield top-secret government restricted data information project CIA KGB GRU DISA DoD defense systems military systems spy steal terrorist Allah Natasha Gregori destroy destruct attack democracy will send Russia bank system compromise international own rule the world ATSC RTEM warmod ATMD force power enforce sensitive directorate TSP NSTD ORD DD2-N AMTAS STRAP warrior-T presidental elections policital foreign embassy takeover -------------------------------------------------------------------------- On Wed, 17 Jan 2001, Jeffrey F. Lawhorn wrote:
One more thing I've noticed about the synscan in the ramen.tgz, it sends a TCP packet to 212.184.80.190 port 80 from port 31337 after it finishes scanning each /16. Unfortunately I was unable to capture any of the actual packets. Did anyone else manage to capture one of these packets? jeffl -- Jeffrey F. Lawhorn |Internet Security Consulting Software Design Associates, Inc. |IDS Monitoring/Reporting jeffl () wanet net 619-679-5900 voice |Expunge Intruders http://www.wanet.net/ 619-679-2327 fax | Finger jeffl () wanet net for PGP Public Key. Insist on Quality! WANet.Net is an ISP/C Member - http://www.ispc.org/
Current thread:
- more info on ramen.tgz Jeffrey F. Lawhorn (Jan 17)
- Re: more info on ramen.tgz Joe Stewart (Jan 17)
- Re: more info on ramen.tgz outcast (Jan 17)
- Re: more info on ramen.tgz Nathan W. Lindstrom (Jan 17)
- Re: more info on ramen.tgz Daniel Martin (Jan 17)
- Re: more info on ramen.tgz dor (Jan 17)
- Re: more info on ramen.tgz Russell Fulton (Jan 17)
- <Possible follow-ups>
- Re: more info on ramen.tgz Russell Fulton (Jan 17)