Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: Port 1023 (tcp/udp) Attack Activity - SANS Internet Storm Center Port 1023 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
[get complete service list]
Port Information
Protocol Service Name
tcp gs400-nas Linux backend of Gateway GS-400 NAS
Top IPs Scanning
TodayYesterday
45.136.109.15 (50)172.104.142.105 (858)
80.82.77.139 (11)172.105.69.158 (741)
80.82.77.33 (8)139.162.144.244 (741)
89.248.167.131 (8)23.239.11.113 (741)
66.240.236.119 (8)97.107.133.187 (740)
198.108.67.48 (6)69.164.213.216 (739)
82.221.105.7 (6)45.79.163.63 (701)
185.142.236.35 (4)212.71.252.230 (663)
45.136.110.11 (4)139.162.2.70 (663)
71.6.199.23 (4)178.79.155.30 (662)
Port diary mentions
URL
Samba - Buffer Overrun, HP Remote Command Execution, Top 15 Worms, Hosts File, SasserDabber Activity
User Comments
Submitted By Date
Comment
2004-10-28 05:52:40
dabber variant scans for this port
2004-06-21 17:07:13
W32.Sasser.G Discovered on: June 10, 2004 Last Updated on: June 11, 2004 02:58:37 PM http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.html Uses different port numbers, used by FTP server and the remote shell: 1023 and 1022. Has an updated routine for finding vulnerable computers. W32.Sasser.G sends an ICMP echo request before attempting to make a connection. This change may prevent the worm from properly executing on Windows 2000 systems. W32.Sasser.G can run on, but not infect, Windows 95/98/Me computers. Although these operating systems cannot be infected, they can still be used to infect vulnerable computers.
Morten Skeldal 2004-06-15 17:24:04
Sasser.E installs an FTP-server on this port
2004-05-24 04:13:16
Sasser.E http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.e.worm.html
Add a comment
CVE Links
CVE # Description