|
|
In early year 2001, many exploit scripts for DNS TSIG name overflow would place a root shell on this port.In mid-2001, a worm was created that enters the system via this port (left behind by some other attacker), then starts scanning other machines from this port.