[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new exploit - ping/137/27374 ?

What do the ping/syn packets look like?  Perhaps
a specific IDS rule can be thrown together for them?


----- Original Message -----
From: JonesMB <jonesmb@arthem.com>
To: <debian-firewall@lists.debian.org>
Sent: Friday, June 29, 2001 1:30 PM
Subject: new exploit - ping/137/27374 ?

> is there a new exploit script that starts with a ping, followed by
> at connecting to port 137, followed by 27374.  I have seen a big increase
> in this in my ipchains logs this week.  I have also noticed that attempts
> at port 111 have almost disappeared.
> jmb
> PS - before any educates me on the port numbers being used in the
> I know that 111 is for RPC exploits, 137 is for Netbios SMB and 27374 is
> for SubSeven.
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact

Reply to: