Security Incidents mailing list archives
Re: UDP port 2140 ?
From: Wayne Langlois <wayne () DIAMONDCS COM AU>
Date: Mon, 14 Aug 2000 15:59:00 -0000
Alex,

You are being scanned by a hacker using a DeepThroat remote access trojan client - could be version 1, 2, or 3. The default server port is UDP 2140, the client binds to UDP 60000. If the said hacker was using a custom-made program, their port may not be 60000.

We have many variants including Foreplay, WinNuke Extreme Dropper, Winspoofer Dropper, DarkStar 1.0, DarkStar 1.1, DXBall & TetrisSquare Droppers, as well as standard versions - 1.0, 2.0, 2.1, 3.0, 3.1, 3.1b. Despite the many variants, it is not a very commonly used trojan.

The DeepThroat homepage (as cited in the DeepThroat readme.rtf) is http://deept.cjb.net

Kind regards,
wayne () diamondcs com au

Any idea what this port is? I have seen scans on my whole class C scanned from port 60000 on 193.230.162.187 and from 193.230.162.250, also source port 2140.
It has happened some time ago, while I was out of town.
I have looked in the archives and the usual firewall-seen sites, but no luck.
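
An added example, not part of the original thread: a Python pass over firewall log lines that applies the port pairing from the reply above (server on UDP 2140, stock client on UDP 60000, custom clients on other source ports). The log layout, the monitored network 192.0.2.0/24, the function name `analyze` and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

SERVER_PORT = 2140   # default DeepThroat server port (UDP), per the reply above
CLIENT_PORT = 60000  # port the stock client binds to (UDP), per the reply above
# Assumption: the network being monitored (documentation range, not from the thread).
MONITORED = ipaddress.ip_network("192.0.2.0/24")
# Assumed log layout: "<time> UDP <src_ip>:<sport> -> <dst_ip>:<dport>"
LINE_RE = re.compile(r"^\S+\s+UDP\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
                     r"(?P<dst>[\d.]+):(?P<dport>\d+)\s*$")

# Constructed sample log, not data from the thread.
SAMPLE_LOG = """\
2000-08-13T02:11:04 UDP 198.51.100.7:60000 -> 192.0.2.10:2140
2000-08-13T02:11:04 UDP 198.51.100.7:60000 -> 192.0.2.11:2140
2000-08-13T02:11:05 UDP 198.51.100.7:60000 -> 192.0.2.12:2140
2000-08-13T02:11:05 UDP 192.0.2.11:2140 -> 198.51.100.7:60000
2000-08-13T02:11:09 UDP 198.51.100.9:53 -> 192.0.2.10:1044
2000-08-13T02:12:30 UDP 198.51.100.20:31337 -> 192.0.2.12:2140
2000-08-13T02:12:31 TCP 198.51.100.7:60000 -> 192.0.2.10:2140
malformed line
"""

def analyze(log_text, sweep_threshold=3):
    """Return (sweepers, responders, other_port_probes) seen in log_text."""
    stock = defaultdict(set)   # source -> targets probed on 2140 from port 60000
    other = defaultdict(set)   # source -> targets probed on 2140 from any other port
    responders = set()         # monitored hosts that sent traffic from port 2140
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue           # not UDP, or malformed: skip rather than guess
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == SERVER_PORT:
            (stock if sport == CLIENT_PORT else other)[m["src"]].add(m["dst"])
        elif sport == SERVER_PORT and ipaddress.ip_address(m["src"]) in MONITORED:
            responders.add(m["src"])   # something answered on 2140: inspect this host
    sweepers = {s: sorted(t) for s, t in stock.items() if len(t) >= sweep_threshold}
    return sweepers, sorted(responders), {s: sorted(t) for s, t in other.items()}

if __name__ == "__main__":
    sweepers, responders, other = analyze(SAMPLE_LOG)
    print("sweeps from port 60000:", sweepers)
    print("monitored hosts replying from 2140:", responders)
    print("probes of 2140 from other source ports:", other)
```

A monitored host that sends from UDP 2140 is the finding to act on first, since a sweep alone only shows that someone was looking.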
Current thread:
- UDP port 2140 ? Alex Popa (Aug 13)
- Re: UDP port 2140 ? Wayne Langlois (Aug 14)
- <Possible follow-ups>
- UDP port 2140 ? Dave Killion (Aug 14)