We've been noticing a fair amount of activity on port 20000/TCP over the last month or so.
http://isc.sans.org/port.html?port=20000

This port has been reported as the default port for Usermin servers, and the National Vulnerability Database (NVD) at NIST does show several Usermin issues in the last year, but nothing obviously related to the current activity.

CVE-2006-4246, Published: 9/19/2006, CVSS Severity: 3.3 (Low)
CVE-2006-4542, Published: 9/5/2006, CVSS Severity: 7.0 (High)
CVE-2006-3392 (VU#999601), Published: 7/6/2006, CVSS Severity: 2.3 (Low)

Anyone else seeing this activity or have any insight? Packet captures, shellcode, malicious binaries, whatever are always welcome. Submit via the contact page.
Robert, Jan 18th 2007