Port 20000/TCP Activity
We've been noticing a fair amount of activity on port 20000/TCP over the last month or so.


This port has been reported as the default port for Usermin servers and the National Vulnerability Database (NVD) at NIST does show several Usermin issues in the last year, but nothing obviously related to the current activity.

Published: 9/19/2006 CVSS Severity: 3.3 (Low)
Published: 9/5/2006 CVSS Severity: 7.0 (High)
CVE-2006-3392 (VU#999601)
Published: 7/6/2006 CVSS Severity: 2.3 (Low)

Anyone else seeing this activity or have any insight? Packet captures, shellcode, malicious binaries, whatever are always welcome.
Submit via the contact page.

49 Posts
Jan 18th 2007

Sign Up for Free or Log In to start participating in the conversation!