Thinking...
[get complete service list]
Top of page
Port Information
Protocol Service Name
tcp --- ---
Top IPs Scanning
Today Yesterday
74.231.46.98 (12)152.32.169.155 (20)
79.124.59.130 (8)118.194.236.219 (16)
109.205.211.245 (3)118.193.59.227 (14)
193.163.125.25 (2)118.194.249.254 (13)
193.163.125.57 (2)101.36.107.243 (12)
193.163.125.75 (1)128.1.33.49 (12)
167.94.146.41 (1)101.36.110.201 (11)
127.0.0.53 (1)152.32.218.201 (11)
165.154.173.35 (1)152.32.238.83 (9)
193.163.125.68 (1)165.154.18.125 (8)
Port diary mentions
URL
Happy Valentine's Day; ARCserve probes?; OWA issue; new Opera version
Port 41523; Linux Exploit; Phishing Name server; New Feature: tcp %; ssh attacks; MSRC blog
New mydoom variant; ARCserve exploitation has begun... got Port 41523 TCP packets?
Top of page
User Comments
Submitted By Date
Comment
Joy Whitney 2005-03-10 08:09:02
This is the Computer Associates Brightstor Arcserver discovery service port. All of the machines in one address range on our WAN was hit at about 8:20PST on 2/24/05. On most machines it just killed the process. On 5 machines it killed the process but also attempted to write a file named wumgrs32.exe. Also found a file named o (with the same time stamp)which was an ftp script to download the mentioned exe file.
Top of page
CVE Links
CVE # Description
Top of page