Net Manager
Network Managing, Engineering and Administration with an eye toward security.

Best practices meets the real world!

Thursday, May 15, 2003  

Yesterday, I found an interesting item in my snort logs. Looked like a very innocent (and was) scan of my network for port 80, then port 57, then port 21. Looked for some references to port 57 because I've never seen that one before. Voila, Google comes to the rescue again:

It appears that this is the result of the "FX-Scanner" vulnerability scanner, and has been known to be used by German crackers (see this Incident discussion for more information and links to the scanner.

Interesting not only to know what the crackers are up to, but to be able to see scans from them. BTW: I suspect that the machine that I saw the scan from was a cracked (or trojaned) box [hint, it wasn't in Germany :_)]

posted by David | 5/15/2003 10:05:00 AM


Post a Comment

<< Home

News Links
Blog Links


Reading blogs at work? Click to escape to a suitable site!
Get Firefox

Site Meter

Powered by Blogger