new exploit - ping/137/27374 ?

To: debian-firewall@lists.debian.org
Subject: new exploit - ping/137/27374 ?
From: JonesMB <jonesmb@arthem.com>
Date: Fri, 29 Jun 2001 14:30:19 -0500
Message-id: <3.0.6.32.20010629143019.00b29c00@arthem.com>
In-reply-to: <00be01c100b0$39041ee0$0600a8c0@logisys.ht>
References: <006501c0ffda$68b32c20$0600a8c0@logisys.ht> <20010628134230.A12491@dmcom.net>

is there a new exploit script that starts with a ping, followed by attempts
at connecting to port 137, followed by 27374.  I have seen a big increase
in this in my ipchains logs this week.  I have also noticed that attempts
at port 111 have almost disappeared.

jmb

PS - before any educates me on the port numbers being used in the attempts,
I know that 111 is for RPC exploits, 137 is for Netbios SMB and 27374 is
for SubSeven.

Reply to:

Follow-Ups:
- Re: new exploit - ping/137/27374 ?
  - From: Daniel Stone <daniel@sfarc.net>
- Re: new exploit - ping/137/27374 ?
  - From: "Moe Harley" <moeser@airswitch.net>

References:
- ipchains logging to console
  - From: "Philippe Clérié" <debian@gcal.net>
- Re: ipchains logging to console
  - From: Wayne Topa <wtopa@dmcom.net>
- Re: ipchains logging to console
  - From: "Philippe Clérié" <debian@gcal.net>

Prev by Date: Re: smtp daemons
Next by Date: Re: new exploit - ping/137/27374 ?
Previous by thread: Re: ipchains logging to console
Next by thread: Re: new exploit - ping/137/27374 ?
Index(es):
- Date
- Thread