Security Incidents mailing list archives

Re: !! Strange ports for attack


From: "Andrey G. Sergeev (AKA Andris)" <andris () aernet ru>
Date: Tue, 15 Aug 2000 04:35:45 +0400

Hello!


Monday, August 14, 2000, 9:43, Pavel Lozhkin <pauel () BALAKOVO RU> wrote:

PL> Does anyone know about TCP ports 17300, 27374, 1243, 12346, 12345 and
PL> exploits corresponding to these ports?

Well, generally these ports are used by some trojans/backdoors:

PL> Connection attempt to TCP 195.161.130.240:17300 from 195.133.72.11:4088

- Kuang2 The Virus;

PL> Connection attempt to TCP 195.161.130.240:27374 from 195.133.72.11:4089
PL> Connection attempt to TCP 195.161.130.240:1243 from 195.133.72.11:4090

- Sub7 trojan and its clones;

PL> Connection attempt to TCP 195.161.130.240:12346 from 195.133.72.11:4091
PL> Connection attempt to TCP 195.161.130.240:12345 from 195.133.72.11:4092

- NetBus trojan family.

The information above was obtained from:
http://advice.networkice.com/advice/Exploits/Ports/
http://www.sans.org/newlook/resources/IDFAQ/oddports.htm


--

Best regards,

Andrey G. Sergeev (AKA Andris)     http://www.andris.msk.ru/
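
[Added example, not part of the original message: a small log triage script that applies the port-to-trojan mapping given in the reply to the "Connection attempt" lines quoted in the thread and reports a source that swept several of those ports on one host. The function name, the `min_ports` threshold and the one extra benign log line are assumptions made for illustration.]

```python
import re
from collections import defaultdict

# Port-to-family mapping exactly as given in the reply above.
TROJAN_PORTS = {
    17300: "Kuang2 The Virus",
    27374: "Sub7",
    1243: "Sub7",
    12346: "NetBus",
    12345: "NetBus",
}

# Matches the "Connection attempt to TCP dst:port from src:port" lines quoted in the thread.
LINE_RE = re.compile(
    r"Connection attempt to TCP (?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
    r" from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)"
)

def find_trojan_sweeps(lines, min_ports=3):
    """Return {(src, dst): {port: family}} for every source that probed at
    least min_ports distinct known backdoor ports on a single destination."""
    hits = defaultdict(dict)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated or malformed line
        dport = int(m.group("dport"))
        family = TROJAN_PORTS.get(dport)
        if family:
            hits[(m.group("src"), m.group("dst"))][dport] = family
    return {pair: ports for pair, ports in hits.items() if len(ports) >= min_ports}

# The five log lines quoted in the thread, plus one constructed benign line
# (ident lookup from a documentation address) that must not be reported.
SAMPLE_LOG = [
    "Connection attempt to TCP 195.161.130.240:17300 from 195.133.72.11:4088",
    "Connection attempt to TCP 195.161.130.240:27374 from 195.133.72.11:4089",
    "Connection attempt to TCP 195.161.130.240:1243 from 195.133.72.11:4090",
    "Connection attempt to TCP 195.161.130.240:12346 from 195.133.72.11:4091",
    "Connection attempt to TCP 195.161.130.240:12345 from 195.133.72.11:4092",
    "Connection attempt to TCP 195.161.130.240:113 from 192.0.2.10:1029",  # constructed
]

if __name__ == "__main__":
    for (src, dst), ports in find_trojan_sweeps(SAMPLE_LOG).items():
        families = ", ".join(sorted(set(ports.values())))
        print(f"{src} -> {dst}: probed {sorted(ports)} ({families})")
```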

