Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 20000/TCP Activity - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 20000/TCP Activity
We've been noticing a fair amount of activity on port 20000/TCP over the last month or so.

http://isc.sans.org/port.html?port=20000

This port has been reported as the default port for Usermin servers and the National Vulnerability Database (NVD) at NIST does show several Usermin issues in the last year, but nothing obviously related to the current activity.

CVE-2006-4246
Published: 9/19/2006 CVSS Severity: 3.3 (Low)
CVE-2006-4542
Published: 9/5/2006 CVSS Severity: 7.0 (High)
CVE-2006-3392 (VU#999601)
Published: 7/6/2006 CVSS Severity: 2.3 (Low)

Anyone else seeing this activity or have any insight? Packet captures, shellcode, malicious binaries, whatever are always welcome.
Submit via the contact page.
Robert

49 Posts

Sign Up for Free or Log In to start participating in the conversation!