Handler on Duty: Xavier Mertens
Threat Level: green
Loading...
|
|
Submitted By | Date |
---|---|
Comment | |
2003-08-08 22:00:28 | |
I just observed a host that is running an FTP server on 2125/tcp. The FTP server's banner says: 220 Welcome to snickers RooTed FTP. I have strong reasons to believe that it has been recently compromised (between 1 and 2 weeks ago). Nmap and nessus identified the system as a Windows ME, 2000, or XP. This same system has an unknown web server on 3531/tcp. The web server supports CONNECT proxy requests. I think the recent spike for 3531/tcp (7 days ago) was someone scanning for these compromised hosts. |
CVE # | Description |
---|