Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 41523 (tcp/udp) Attack Activity


Port Information
Protocol Service Name
Top IPs Scanning
Port diary mentions
URL
Happy Valentine's Day; ARCserve probes?; OWA issue; new Opera version
Port 41523; Linux Exploit; Phishing Name server; New Feature: tcp %; ssh attacks; MSRC blog
New mydoom variant; ARCserve exploitation has begun... got Port 41523 TCP packets?
User Comments
Submitted By Date
Comment
Joy Whitney 2005-03-10 08:09:02
This is the Computer Associates BrightStor ARCserve discovery service port. All of the machines in one address range on our WAN were hit at about 8:20 PST on 2/24/05. On most machines it just killed the process. On 5 machines it killed the process but also attempted to write a file named wumgrs32.exe. Also found a file named o (with the same time stamp) which was an ftp script to download the mentioned exe file.
CVE Links
CVE # Description