Date:      Sun, 23 Sep 2001 11:30:12 -0500
From:      Christopher Schulte <christopher@schulte.org>
To:        Pat Wendorf <beholder@unios.dhs.org>, security@freebsd.org
Subject:   Re: Identify this exploit
Message-ID:  <5.1.0.14.0.20010923112848.0237d488@pop.schulte.org>
In-Reply-To: <3BAE0D83.41ACBF7B@unios.dhs.org>

At 12:27 PM 9/23/2001 -0400, Pat Wendorf wrote:
>I notice I get nearly 100 messages a day from my LOG_IN_VAIN rc.conf
>option.  Many of which, for the past few months, have been connection
>attempts to TCP port 2000, as seen here:
>
> > Connection attempt to TCP 209.226.99.101:2000 from 216.104.103.95:1169
>
>I'm not much up on my exploits, which one is this?

Could be trying to exploit a wind0wz trojan exploit:

from http://www.sans.org/newlook/resources/IDFAQ/oddports.htm

port 2000 Der Späher / Der Spaeher, Insane Network

>--
>
>Pat Wendorf

--
Christopher Schulte
christopher@schulte.org
http://noc.schulte.org
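
Added example, not part of the original thread: one way to triage a day's worth of LOG_IN_VAIN output is to tally the "Connection attempt" lines by protocol and destination port, with a count of distinct sources per port. The syslog prefix, the sample lines (apart from the one quoted in the post) and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the kernel message quoted in the post; anything before it
# (an assumed syslog timestamp/host prefix) is ignored by search().
LINE_RE = re.compile(
    r"Connection attempt to (TCP|UDP) "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+) from "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
)

def parse(line):
    """Return (proto, dst_ip, dst_port, src_ip, src_port) or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    proto, dst, dport, src, sport = m.groups()
    return proto, dst, int(dport), src, int(sport)

def summarize(lines):
    """Tally attempts per (proto, dst_port); return (report, skipped_lines)."""
    hits = Counter()
    sources = defaultdict(set)
    skipped = 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1          # not a log_in_vain message
            continue
        key = (rec[0], rec[2])
        hits[key] += 1
        sources[key].add(rec[3])
    # Busiest port first; ties broken by (proto, port) for stable output.
    ordered = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    report = [(p, port, n, len(sources[(p, port)])) for (p, port), n in ordered]
    return report, skipped

# Constructed sample input; only the first message body comes from the post.
SAMPLE = """\
Sep 23 10:01:12 host /kernel: Connection attempt to TCP 209.226.99.101:2000 from 216.104.103.95:1169
Sep 23 10:04:40 host /kernel: Connection attempt to TCP 209.226.99.101:2000 from 198.51.100.7:3021
Sep 23 10:09:03 host /kernel: Connection attempt to TCP 209.226.99.101:2000 from 198.51.100.7:3022
Sep 23 10:15:55 host /kernel: Connection attempt to UDP 209.226.99.101:137 from 192.0.2.44:137
Sep 23 10:16:00 host sshd[311]: unrelated line
""".splitlines()

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE)
    for proto, port, attempts, uniq in report:
        print(f"{proto} {port}: {attempts} attempts from {uniq} source(s)")
    print(f"{skipped} line(s) skipped")
```

A port probed repeatedly by many distinct sources points to broad scanning for a known service or trojan listener rather than one misconfigured peer.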

