Re: new exploit - ping/137/27374 ?

To: JonesMB <jonesmb@arthem.com>
Cc: debian-firewall@lists.debian.org
Subject: Re: new exploit - ping/137/27374 ?
From: Daniel Stone <daniel@sfarc.net>
Date: Sat, 30 Jun 2001 11:34:25 +1000
Message-id: <20010630113425.A14656@sfarc.net>
Mail-followup-to: JonesMB <jonesmb@arthem.com>, debian-firewall@lists.debian.org
In-reply-to: <3.0.6.32.20010629143019.00b29c00@arthem.com>
References: <006501c0ffda$68b32c20$0600a8c0@logisys.ht> <20010628134230.A12491@dmcom.net> <3.0.6.32.20010629143019.00b29c00@arthem.com>

On Fri, Jun 29, 2001 at 02:30:19PM -0500, JonesMB wrote:
> is there a new exploit script that starts with a ping, followed by attempts
> at connecting to port 137, followed by 27374.  I have seen a big increase
> in this in my ipchains logs this week.  I have also noticed that attempts
> at port 111 have almost disappeared.
> 
> jmb
> 
> PS - before any educates me on the port numbers being used in the attempts,
> I know that 111 is for RPC exploits, 137 is for Netbios SMB and 27374 is
> for SubSeven.

It's probably some l33t script kiddie tool that checks for both attacks.

-- 
Daniel Stone						     <daniel@sfarc.net>
<Nuke> "can NE1 help me aim nuclear weaponz????? /MSG ME!!"

Reply to:

Follow-Ups:
- Re: new exploit - ping/137/27374 ?
  - From: "Ken Seefried" <ken@seefried.com>

References:
- ipchains logging to console
  - From: "Philippe Clérié" <debian@gcal.net>
- Re: ipchains logging to console
  - From: Wayne Topa <wtopa@dmcom.net>
- new exploit - ping/137/27374 ?
  - From: JonesMB <jonesmb@arthem.com>

Prev by Date: new exploit - ping/137/27374 ?
Next by Date: Hmm
Previous by thread: new exploit - ping/137/27374 ?
Next by thread: Re: new exploit - ping/137/27374 ?
Index(es):
- Date
- Thread