Port 17300 is apparently the backdoor of Kuang2. I've gotten a few hits of it myself on a little ol' dialup line.
Tim Heagarty MCSE, MCP+I "There are only 10 kinds of people in the world, those that understand binary, and those that don't." Work: (928) 636-0489 Cell: (928) 533-9690 -----Original Message----- From: Keith T. Morgan [mailto:[EMAIL PROTECTED]] Sent: Friday, February 14, 2003 11:23 PM To: Hankes, Christopher A Cc: [EMAIL PROTECTED] Subject: RE: Strange Connection Attempts Yeah. We've seen these as well. Ours came packed with a portscan for port 23, 67 (TCP) 1756, tcp 6112, and tcp 9001. We've also seen a marked increase in scans for tcp port 3389 (ms terminal services). Additionally, we've seen some odd scans for tcp 17300. I haven't taken the time yet to see what runs on 17300 tcp. > -----Original Message----- > From: Hankes, Christopher A [mailto:[EMAIL PROTECTED]] > Sent: Friday, February 14, 2003 1:05 PM > Cc: [EMAIL PROTECTED] > Subject: Strange Connection Attempts > > > As of about 2:00 am cst 2/14/03 I have been receiving connection > attempts on my router to port 1756(caplast-lmd). Has any one seen this > too? Are there any know vulnerabilities on that port? I have been > getting a connection attempt about every 10-15 seconds. It's > almost like > a DoS attack. Anyone have any thoughts.=20 > > Thanks > > Christopher Hankes > > CIS major > > University of Wisconsin -Stevens Point > >
