[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new exploit - ping/137/27374 ?

Daniel Stone writes:

On Fri, Jun 29, 2001 at 02:30:19PM -0500, JonesMB wrote:
is there a new exploit script that starts with a ping, followed by attempts
at connecting to port 137, followed by 27374.  I have seen a big increase
in this in my ipchains logs this week.

It's probably some l33t script kiddie tool that checks for both attacks.

Hmm...maybe, maybe not. I wonder if it is a new trojan. A long time ago I wrote (for admin purposes, not hacking) a program that listened for a particular set of ping packets which started it listening on a particular port. A connect attempt to that particular port spawned an xterm back to my machine. Hard to find in a port scan and accedentally trigger. I wonder if someone might have done something similar. Ken Seefried, CISSP

Reply to: