Re: new exploit - ping/137/27374 ?
Daniel Stone writes:
> On Fri, Jun 29, 2001 at 02:30:19PM -0500, JonesMB wrote:
>> Is there a new exploit script that starts with a ping, followed by attempts
>> at connecting to port 137, followed by 27374? I have seen a big increase
>> in this in my ipchains logs this week.
> It's probably some l33t script kiddie tool that checks for both attacks.

Hmm...maybe, maybe not. I wonder if it is a new trojan. A long time ago I
wrote (for admin purposes, not hacking) a program that listened for a
particular set of ping packets which started it listening on a particular
port. A connect attempt to that particular port spawned an xterm back to my
machine. Hard to find in a port scan and accidentally trigger. I wonder if
someone might have done something similar.
Ken Seefried, CISSP
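
A defender-side check for the pattern JonesMB describes, as an added example that is not part of the original thread: it scans ipchains log lines for a source that sends a ping, then hits port 137, then port 27374 on the same destination, in that order. The log lines are constructed, and the script assumes the ipchains log layout in which the ICMP type is printed in the source-port position.

```python
import re
from collections import defaultdict

# Assumed ipchains log layout:
#   Packet log: <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
# For ICMP (PROTO=1) the ICMP type is printed where the source port would be.
LINE_RE = re.compile(
    r"Packet log: \S+ \S+ \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Probe order reported in the thread: ping, then port 137, then port 27374.
STAGES = ("ping", "137", "27374")

def classify(proto, sport, dport):
    """Map one logged packet to a stage name, or None if it is unrelated."""
    if proto == 1 and sport == 8:            # ICMP echo request
        return "ping"
    if proto in (6, 17) and dport in (137, 27374):
        return str(dport)                    # TCP or UDP; the thread names no protocol
    return None

def find_sequences(lines):
    """Return sorted (src, dst) pairs that completed all stages in order."""
    progress = defaultdict(int)              # (src, dst) -> index of next expected stage
    hits = set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["src"], m["dst"])
        if key in hits:
            continue
        stage = classify(int(m["proto"]), int(m["sport"]), int(m["dport"]))
        if stage == STAGES[progress[key]]:
            progress[key] += 1
            if progress[key] == len(STAGES):
                hits.add(key)
    return sorted(hits)

# Constructed sample input (documentation address ranges, not real log data).
PFX = "Jun 29 14:01:0%d fw kernel: Packet log: input DENY eth0 "
SAMPLE_LOG = [
    PFX % 1 + "PROTO=1 203.0.113.7:8 192.0.2.10:0 L=60 S=0x00 I=4211 F=0x0000 T=113 (#4)",
    PFX % 2 + "PROTO=17 203.0.113.7:1027 192.0.2.10:137 L=78 S=0x00 I=4212 F=0x0000 T=113 (#4)",
    PFX % 3 + "PROTO=6 198.51.100.9:3311 192.0.2.10:27374 L=48 S=0x00 I=977 F=0x4000 T=110 (#4)",
    PFX % 4 + "PROTO=6 203.0.113.7:1029 192.0.2.10:27374 L=48 S=0x00 I=4213 F=0x4000 T=113 (#4)",
]

if __name__ == "__main__":
    for src, dst in find_sequences(SAMPLE_LOG):
        print(f"{src} -> {dst}: ping, 137, 27374 seen in order")
```

A source that only touches 27374 without the preceding ping and 137 probe, like 198.51.100.9 in the sample, is not reported.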