Security Incidents mailing list archives
Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127
From: Arthur Clune <ajc22 () york ac uk>
Date: Wed, 21 Apr 2004 10:51:08 +0100
--On 20/04/04 22:02:08 -0400 Jeff Kell wrote:
* scans (in order) 80, 6129, 1025, 3127 (all tcp) from ephemeral source ports (the source port is not fixed).
A Polybot varient according to some discussions we've been having in .ac.uk Scans: 80 http 1025 MS-Proxy? 2745 Bagle backdoor 3127 Mydoom backdoor 6129 Dameware Remote Arthur -- Arthur Clune, Systems Security Advisor, The Computing Service University of York, UK, YO10 5DD. +44 (0) 1904 433129 PGP signing key A0389A4B. Full key http://www.clune.org/pubkey.txt --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Jeff Kell (Apr 21)
- Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 mgotts (Apr 21)
- RE: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Chris Harrington (Apr 21)
- Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Arthur Clune (Apr 21)
- RE: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Bojan Zdrnja (Apr 21)
- Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Joe Stewart (Apr 22)
- Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Charles Hamby (Apr 21)
- Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Jeff Kell (Apr 21)
- Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Charles Hamby (Apr 21)
- Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Jeff Kell (Apr 21)
- Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Kees Leune (Apr 21)