Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: increase of scans against port 1524

Re: increase of scans against port 1524

From: Steven M. Christey <coley_at_linus.mitre.org>
Date: Fri, 7 Jun 2002 12:36:15 -0400 (EDT)

>> ingreslock 1524/tcp ingres
>> ingreslock 1524/udp ingres
>
>For some reason, the script kiddie community has standardized on this
>port as a backdoor for most automated attacks... Though the
>vulnerabilities and tools are constantly changing, we have repeatedly
>seen the use of 1524 as the backdoor.

This is probably because new shellcode for buffer overflows is still
difficult to write, so many exploit writers (and subsequently script
kiddies) "cut and paste" the same shellcode over and over again.

- Steve

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Jun 07 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]