On Fri, Jun 29, 2001 at 02:30:19PM -0500, JonesMB wrote: > is there a new exploit script that starts with a ping, followed by attempts > at connecting to port 137, followed by 27374. I have seen a big increase > in this in my ipchains logs this week. I have also noticed that attempts > at port 111 have almost disappeared. > > jmb > > PS - before any educates me on the port numbers being used in the attempts, > I know that 111 is for RPC exploits, 137 is for Netbios SMB and 27374 is > for SubSeven.
It's probably some l33t script kiddie tool that checks for both attacks. -- Daniel Stone <[EMAIL PROTECTED]> <Nuke> "can NE1 help me aim nuclear weaponz????? /MSG ME!!"
