Loading...
[get complete service list]
Port Information
Protocol Service Name
tcp lockstep LOCKSTEP
udp lockstep LOCKSTEP
Top IPs Scanning
Today Yesterday
User Comments
Submitted By Date
Comment
2003-08-08 22:00:28
I just observed a host that is running an FTP server on 2125/tcp. The FTP server's banner says: 220 Welcome to snickers RooTed FTP. I have strong reasons to believe that it has been recently compromised (between 1 and 2 weeks ago). Nmap and nessus identified the system as a Windows ME, 2000, or XP. This same system has an unknown web server on 3531/tcp. The web server supports CONNECT proxy requests. I think the recent spike for 3531/tcp (7 days ago) was someone scanning for these compromised hosts.
CVE Links
CVE # Description