Loading...
[get complete service list]
Top of page
Top of page
Port Information
Protocol Service Name
tcp lockstep LOCKSTEP
udp lockstep LOCKSTEP
Top IPs Scanning
Today Yesterday
89.248.163.61 (3)194.180.49.130 (7)
194.180.49.130 (3)194.180.49.75 (5)
193.163.125.91 (2)185.156.73.52 (4)
3.146.39.44 (2)212.103.72.222 (3)
109.205.213.250 (2)89.248.163.61 (2)
3.146.39.40 (2)89.248.163.196 (2)
185.156.73.52 (2)193.163.125.67 (2)
103.191.208.14 (1)193.163.125.7 (2)
193.163.125.188 (1)194.180.49.110 (2)
89.248.163.184 (1)100.27.42.151 (2)
User Comments
Submitted By Date
Comment
2003-08-08 22:00:28
I just observed a host that is running an FTP server on 2125/tcp. The FTP server's banner says: 220 Welcome to snickers RooTed FTP. I have strong reasons to believe that it has been recently compromised (between 1 and 2 weeks ago). Nmap and nessus identified the system as a Windows ME, 2000, or XP. This same system has an unknown web server on 3531/tcp. The web server supports CONNECT proxy requests. I think the recent spike for 3531/tcp (7 days ago) was someone scanning for these compromised hosts.
Top of page
CVE Links
CVE # Description
Top of page