From owner-freebsd-security Sat Aug 15 00:53:39 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA01938 for freebsd-security-outgoing; Sat, 15 Aug 1998 00:53:39 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns.cityip.co.za (ns.cityip.co.za [196.25.223.140]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id AAA01933 for ; Sat, 15 Aug 1998 00:53:36 -0700 (PDT) (envelope-from wjv@cityip.co.za) Received: from wjv by ns.cityip.co.za with local (Exim 1.82 #2) id 0z7b7x-0002tw-00; Sat, 15 Aug 1998 09:51:53 +0200 Message-ID: <19980815095153.B11111@cityip.co.za> Date: Sat, 15 Aug 1998 09:51:53 +0200 From: Johann Visagie To: Scott , Roger Marquis Cc: security@FreeBSD.ORG Subject: Re: Scans to ports 1090 and 1080 References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.91.1i In-Reply-To: ; from Scott on Sat, Aug 15, 1998 at 01:55:01AM -0400 X-PGP: ftp://ftp.cityip.co.za/users/wjv/pubkey.asc Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 15 Aug 1998 at 01:55 SAT, Scott wrote: > > This would be script kiddies looking for an open wingate to exploit. The mscan README explicitly instructs script kiddies to look for open wingates first, and then goes ahead to show them exactly how to do it. It seems that many script kiddies take that README to be their bible. For instance, it tells them that many "3rd world countries" are rife with phf-exploitable web servers. So, soon after mscan came out, we here in South Africa noticed a hundredfold or more increase in scans for that particular vulnerability. Sad. (Sorry, going off-topic.) -- V Johann Visagie | Email: wjv@CityIP.co.za | Tel: +27 21 419-7878 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message