My SBS 2000 network started getting numerous access attempts (blocked) on
port 3127 on its public IP address starting 1/27/04 (yes, a day later) at
5:45PM PST coming from a variety of sources. The MyDoom/Novarg writeups talk
about listening on that port, but I have not seen any mention of heightened
probe activity over the internet.

1) Are you seeing these types of access attempts?

2) Is this at all related to the status of my network? That is, does it
indicate that I have some sort of MyDoom problem internally?

Thanks,

JoeM

Re: OT Port 3127 probes on public IP by JoeM

JoeM
Wed Jan 28 16:43:41 CST 2004

If it helps anyone...

I have seen a potential answer to my question and to a problem you should be
experiencing. A variant of M-y-D-o-o-m (M-y-D-o-o-m.B) started appearing
Tuesday. It gets past the 1/26 virus defs (Symantec says their 1/28 defs
handle it, but they are not yet up on the Live Update site). It seems less
wild, but more dangerous than the original version. IDefense theorizes that
the B version is using the original version to spread itself. If so, it
would be the source of probes to port 3127.

"JoeM" <labyzs302@NOsneakSPAMemail.com> wrote in message
news:RySRb.304$uM2.67@newsread1.news.pas.earthlink.net...
> My SBS 2000 network started getting numerous access attempts (blocked) on
> port 3127 on its public IP address starting 1/27/04 (yes, a day later) at
> 5:45PM PST coming from a variety of sources. The MyDoom/Novarg writeups talk
> about listening on that port, but I have not seen any mention of heightened
> probe activity over the internet.
>
> 1) Are you seeing these types of access attempts?
>
> 2) Is this at all related to the status of my network? That is, does it
> indicate that I have some sort of MyDoom problem internally?
>
> Thanks,
>
> JoeM
>
>



Re: OT Port 3127 probes on public IP by Susan

Susan
Wed Jan 28 21:59:03 CST 2004

That's just your friendly neighborhood hacker and your firewall doing
its job.

SearchSecurity.com | Hackers scanning for ports opened by Mydoom:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci946423,00.html


JoeM wrote:
> My SBS 2000 network started getting numerous access attempts (blocked) on
> port 3127 on its public IP address starting 1/27/04 (yes, a day later) at
> 5:45PM PST coming from a variety of sources. The MyDoom/Novarg writeups talk
> about listening on that port, but I have not seen any mention of heightened
> probe activity over the internet.
>
> 1) Are you seeing these types of access attempts?
>
> 2) Is this at all related to the status of my network? That is, does it
> indicate that I have some sort of MyDoom problem internally?
>
> Thanks,
>
> JoeM
>
>

--
http://www.sbslinks.com/really.htm
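
Added example, not part of the original thread: one way to triage firewall logs for the second question above, separating blocked outside probes on port 3127 from the two cases that would point to a problem inside the network. The log format, the sample lines, the LAN range and the function name are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

BACKDOOR_PORT = 3127  # port the thread says MyDoom listens on
INTERNAL = ipaddress.ip_network("192.168.16.0/24")  # assumed LAN range

# Constructed sample lines in a made-up key=value firewall log format.
SAMPLE_LOG = """\
2004-01-27T17:45:02 action=BLOCK proto=TCP src=203.0.113.7 dst=198.51.100.10 dport=3127
2004-01-27T17:45:09 action=BLOCK proto=TCP src=203.0.113.88 dst=198.51.100.10 dport=3127
2004-01-27T17:46:30 action=ALLOW proto=TCP src=192.168.16.23 dst=203.0.113.50 dport=80
2004-01-27T17:47:11 action=BLOCK proto=TCP src=203.0.113.7 dst=198.51.100.10 dport=3127
2004-01-27T17:48:40 action=ALLOW proto=TCP src=192.168.16.41 dst=203.0.113.200 dport=3127
2004-01-27T17:49:00 action=BLOCK proto=UDP src=203.0.113.9 dst=198.51.100.10 dport=3127
garbage line that does not parse
"""

LINE_RE = re.compile(r"action=(\w+) proto=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")

def triage(log_text):
    """Sort port-3127 events into outside noise and internal warning signs."""
    result = {"blocked_probes": Counter(), "allowed_inbound": [], "internal_sources": []}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        action, proto, src, dst, dport = m.groups()
        # Assumption: the backdoor listener is TCP, so other protocols are ignored.
        if proto != "TCP" or int(dport) != BACKDOOR_PORT:
            continue
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue
        if src_ip in INTERNAL:
            # An inside host reaching out to 3127 is worth a virus scan.
            result["internal_sources"].append(src)
        elif action == "BLOCK":
            # Outside probe stopped at the firewall: background scanning.
            result["blocked_probes"][src] += 1
        else:
            # Outside probe that got through: check the destination host.
            result["allowed_inbound"].append((src, dst))
    return result
```

Blocked probes alone say nothing about the internal network; entries in `internal_sources` or `allowed_inbound` are the ones to follow up on.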