lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <5DA785C92D04A546B09F992FBC25C55E06EAC7E1@gs-exch1.guidancesoftware.com>
Date: Tue, 15 Feb 2005 12:13:36 -0800
From: "Mueller, Lance" <lance.mueller@...dancesoftware.com>
To: <baldwinL@...etwatchman.com>, <incidents@...urityfocus.com>,
	<bugtraq@...urityfocus.com>
Subject: RE: Exploit on tcp/4128?


Its looking for Optix Pro v1.3 backdoor...... There is specific data exchanged between the client program and the actual backdoor server program for Optix Pro....

Look slike a scanner that is looking for Optix Pro RAT's

-lance-


-----Original Message-----
From:	Lawrence Baldwin [mailto:baldwinL@...etwatchman.com]
Sent:	Mon 2/14/2005 1:59 PM
To:	incidents@...urityfocus.com; bugtraq@...urityfocus.com
Cc:	
Subject:	Exploit on tcp/4128?
Anyone know what this is:

D:\nc>nc -n -v 64.132.205.69 4128
(UNKNOWN) [64.132.205.69] 4128 (?) open

'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet

'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
'ÖP?
   ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet    ^C


The same host above is scanning the *world* for this port:

http://www.mynetwatchman.com/LID.asp?IID=146159119

Regards,

Lawrence Baldwin
myNetWatchman.com
 
Note: The information contained in this message may be privileged and  
confidential and thus protected from disclosure. If the reader of this  
message is not the intended recipient, or an employee or agent responsible  
for delivering this message to the intended recipient, you are hereby  
notified that any dissemination, distribution or copying of this  
communication is strictly prohibited.  If you have received this  
communication in error, please notify us immediately by replying to the  
message and deleting it from your computer.  Thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ