Re: malicious scans
On 05/18/04 15:50, firstname.lastname@example.org wrote:
Thanks for the response. I realize, though, that I probably wasn't clear
enough in my request. I've been to sites like symantec, but they don't have
the kind of detail I am looking for. I realize this is off-topic, but I am
going to try to clear it up, just in case there is someone on this list who
can point me to some other resources, or even suggest the likelihood of
discovering what I am after.
Scans have been noticed coming from a certain machines on an network
segment. These scans have been of ports which are known to be potential
vulnerabilities. These aren't general look around scans, but have been
targetting very specific ports, eg. 3127, 445, 2745 and 6129, amongst
I know that scanning programmes such as nmap can be configured to probe
certain ports, as above. I suspect that many, if not all the
trojans/virii/etc in the wild can be configured in like manner. But I want
to leave no stone unturned and am trying to discover if there are any
trojans/virii/etc with a scanning pattern that matches what has been noticed
My own research hasn't turned up much yet. Googling terms such as "port
scanning trojans" has uncovered lists of such beasts without telling me
anything specific about their characteristics. Last night I even tried
googling for warez sites, but that kind of makes my skin crawl, especially
since many of the sites don't seem to have much useful info.
Let me word it this way, suppose I wanted to scan the above ports, and
exploit any vulnerabilities found, and I didn't want to do it from my own
machine, but rather by infecting someone else's, and I didn't know how to do
it myself, where would I look to find a premade programme that would do this
for me ?
Any thoughts ?
I was going to snip your message and just quote the last paragraph all
by itself.. :)
OTOH, I'll assume the real question is, "Am I at risk and what should I
Check the latest known attacks here:
and a cross reference of ports to vulnerabilities:
Be glad you're in linux-land...