Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: Port 41523 (tcp/udp) Attack Activity Port 41523 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
[get complete service list]
Port Information
Protocol Service Name
Top IPs Scanning
TodayYesterday
195.54.160.40 (12)195.54.167.40 (3)
185.176.27.198 (2)94.102.49.159 (3)
194.26.29.143 (1)195.54.161.68 (3)
185.176.27.106 (1)176.113.115.170 (2)
Port diary mentions
URL
Happy Valentine's Day; ARCserve probes?; OWA issue; new Opera version
Port 41523; Linux Exploit; Phishing Name server; New Feature: tcp %; ssh attacks; MSRC blog
New mydoom variant; ARCserve exploitation has begun... got Port 41523 TCP packets?
User Comments
Submitted By Date
Comment
Joy Whitney 2005-03-10 08:09:02
This is the Computer Associates Brightstor Arcserver discovery service port. All of the machines in one address range on our WAN was hit at about 8:20PST on 2/24/05. On most machines it just killed the process. On 5 machines it killed the process but also attempted to write a file named wumgrs32.exe. Also found a file named o (with the same time stamp)which was an ftp script to download the mentioned exe file.
Add a comment
CVE Links
CVE # Description