Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Port 1027 (tcp/udp) Attack Activity Port 1027 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
[get complete service list]
Port Information
Protocol Service Name
tcp icq icq instant messanger
Top IPs Scanning
TodayYesterday
80.82.78.100 (162)198.108.67.48 (109)
141.207.145.235 (127)77.247.108.88 (105)
198.108.67.48 (55)51.75.52.127 (22)
185.103.18.7 (44)66.240.219.146 (19)
208.54.73.7 (41)106.75.13.173 (19)
89.248.172.16 (17)89.248.172.16 (13)
51.75.52.127 (15)17.133.234.33 (12)
198.20.99.130 (13)198.20.99.130 (11)
117.50.6.201 (5)117.50.6.160 (10)
106.75.2.200 (5)106.75.63.218 (7)
User Comments
Submitted By Date
Comment
Lele 2004-10-28 05:16:08
This is the data contained in the packet: Frame 93 (709 bytes on wire, 709 bytes captured) Time delta from previous packet: 51.351791000 seconds Time since reference or first frame: 1998.591219000 seconds Frame Number: 93 Packet Length: 709 bytes Capture Length: 709 bytes Ethernet II, Src: 00:e0:63:xx:xx:xx, Dst: 00:04:75:xx:xx:xx Destination: 00:04:75:xx:xx:xx (3Com_xx:xx:xx) Source: 00:e0:63:xx:xx:xx (Cabletro_xx:xx:xx) Type: IP (0x0800) Internet Protocol, Src Addr: 210.106.58.88 (210.106.58.88), Dst Addr: xxx.xxx.xxx.xxx User Datagram Protocol, Src Port: 1613 (1613), Dst Port: 1027 (1027) DCE RPC Microsoft Messenger Service Operation: NetrSendMessage (0) Server Max Count: 19 Offset: 0 Actual Count: 19 Server: DIPLOMAS Client Max Count: 19 Offset: 0 Actual Count: 19 Client: You Message Max Count: 511 Offset: 0 Actual Count: 511 Message: \n\nObtain a prosperous future, money earning power,and the admiration of all.\n\nDiplomas from prestigious universities based on your present knowledge and life experience.\n\nNo required tests, classes, books, or interviews.\n\n I think it's a mass spam... couse the source ip is forged and my router are logging a lot of traffic like this... Lele from Italy (sorry for my english!)
2004-07-14 01:15:56
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-seki-up2.pdf
Add a comment
CVE Links
CVE # Description