Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Port 20000/TCP Activity - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 20000/TCP Activity
We've been noticing a fair amount of activity on port 20000/TCP over the last month or so.

This port has been reported as the default port for Usermin servers and the National Vulnerability Database (NVD) at NIST does show several Usermin issues in the last year, but nothing obviously related to the current activity.

Published: 9/19/2006 CVSS Severity: 3.3 (Low)
Published: 9/5/2006 CVSS Severity: 7.0 (High)
CVE-2006-3392 (VU#999601)
Published: 7/6/2006 CVSS Severity: 2.3 (Low)

Anyone else seeing this activity or have any insight? Packet captures, shellcode, malicious binaries, whatever are always welcome.
Submit via the contact page.

49 Posts

Sign Up for Free or Log In to start participating in the conversation!