Security Incidents mailing list archives
Re: !! Strange ports for attack
From: "Andrey G. Sergeev (AKA Andris)" <andris () aernet ru>
Date: Tue, 15 Aug 2000 04:35:45 +0400
Hello!

Monday, August 14, 2000, 9:43, Pavel Lozhkin <pauel () BALAKOVO RU> wrote:

PL> Does anyone know about TCP ports 17300,27374,1243,12346,12345 and
PL> exploits corresponding for these ports ?

Well, generally these ports are used by some trojans/backdoors:

PL> Connection attempt to TCP 195.161.130.240:17300 from 195.133.72.11:4088

- Kuang2 The Virus;

PL> Connection attempt to TCP 195.161.130.240:27374 from 195.133.72.11:4089
PL> Connection attempt to TCP 195.161.130.240:1243 from 195.133.72.11:4090

- Sub7 trojan and its clones;

PL> Connection attempt to TCP 195.161.130.240:12346 from 195.133.72.11:4091
PL> Connection attempt to TCP 195.161.130.240:12345 from 195.133.72.11:4092

- NetBus trojan family.

The information above was obtained from:

http://advice.networkice.com/advice/Exploits/Ports/
http://www.sans.org/newlook/resources/IDFAQ/oddports.htm

--
Best regards,
Andrey G. Sergeev (AKA Andris) http://www.andris.msk.ru/
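An added example, not part of the original message: a small log triage script that parses "Connection attempt to TCP" lines in the format quoted above and reports sources that swept several of the backdoor ports named in the reply. The `min_ports` threshold, the function name and the last two sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Port-to-backdoor mapping as given in the reply above.
TROJAN_PORTS = {
    17300: "Kuang2 The Virus",
    27374: "Sub7", 1243: "Sub7",
    12346: "NetBus", 12345: "NetBus",
}

# Sample input: the five log lines quoted in the thread, followed by two
# constructed lines (an ordinary web connection and a lone single-port probe).
SAMPLE_LOG = """\
Connection attempt to TCP 195.161.130.240:17300 from 195.133.72.11:4088
Connection attempt to TCP 195.161.130.240:27374 from 195.133.72.11:4089
Connection attempt to TCP 195.161.130.240:1243 from 195.133.72.11:4090
Connection attempt to TCP 195.161.130.240:12346 from 195.133.72.11:4091
Connection attempt to TCP 195.161.130.240:12345 from 195.133.72.11:4092
Connection attempt to TCP 195.161.130.240:80 from 192.0.2.7:1025
Connection attempt to TCP 195.161.130.240:12345 from 198.51.100.9:2000
"""

LINE_RE = re.compile(
    r"Connection attempt to TCP (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)"
)

def find_backdoor_probes(log_text, min_ports=3):
    """Return {source_ip: {port: family}} for every source that tried at
    least min_ports distinct known backdoor ports."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a connection-attempt line
        dport = int(m.group("dport"))
        if dport in TROJAN_PORTS:
            hits[m.group("src")][dport] = TROJAN_PORTS[dport]
    # A single hit may be noise; several distinct backdoor ports from one
    # source within the same log is the sweep pattern seen in the thread.
    return {src: ports for src, ports in hits.items() if len(ports) >= min_ports}

if __name__ == "__main__":
    for src, ports in find_backdoor_probes(SAMPLE_LOG).items():
        families = ", ".join(sorted(set(ports.values())))
        print(f"{src}: probed {len(ports)} backdoor ports ({families})")
```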