Security Incidents mailing list archives
Re: what are these?
From: peter.bates () LSHTM AC UK (Peter Bates)
Date: Fri, 17 Mar 2000 17:18:15 +0000
Hello there...
> What is generating these and why do they (mostly) seem to come from btinternet.com (sidebar - why don't BT ever bother to answer my questions)?
>
> This is a small sample, I get varying numbers of these every day.
>
> Mar 16 21:23:13 gate iplog[10085]: UDP: dgram to port 2140 from host213-1-128-105.btinternet.com:60000 (2 data bytes)
> Mar 16 22:34:38 gate iplog[10085]: UDP: dgram to port 2140 from host5-99-47-84.btinternet.com:60000 (2 data bytes)
> Mar 16 23:18:14 gate iplog[10085]: UDP: dgram to port 2140 from host62-6-69-21.btinternet.com:60000 (2 data bytes)

This is a probe for the Windows trojan 'Deep Throat', unless I'm mistaken, which is apparently at version 3 (?)...

You're not alone... we've seen on average about two scans a day for this across all of our network, which tends to make it stand out a bit... and not all of the sources are btinternet.com, however...

--
---------------------------------------------------------------->
Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-927 2124 / Fax:0207-436 5389 / Pager: 07625 255362
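
An added example, not part of the original message and not iplog's own code: a small parser that tallies UDP datagrams to port 2140 from iplog syslog lines per day, per source and per packet shape, to check scan rate and source spread. The first three sample lines are the ones quoted in the message; the other three, the function names and the last-two-labels grouping are assumptions made for illustration.

```python
import re
from collections import Counter

# First three lines are quoted in the message; the last three are constructed
# for this example (another source, an unrelated port, an unresolved IP).
SAMPLE_LOG = [
    "Mar 16 21:23:13 gate iplog[10085]: UDP: dgram to port 2140 from host213-1-128-105.btinternet.com:60000 (2 data bytes)",
    "Mar 16 22:34:38 gate iplog[10085]: UDP: dgram to port 2140 from host5-99-47-84.btinternet.com:60000 (2 data bytes)",
    "Mar 16 23:18:14 gate iplog[10085]: UDP: dgram to port 2140 from host62-6-69-21.btinternet.com:60000 (2 data bytes)",
    "Mar 17 02:05:41 gate iplog[10085]: UDP: dgram to port 2140 from dialup-17.example.net:60000 (2 data bytes)",
    "Mar 17 02:06:10 gate iplog[10085]: UDP: dgram to port 53 from ns1.example.org:1042 (31 data bytes)",
    "Mar 17 09:12:03 gate iplog[10085]: UDP: dgram to port 2140 from 192.0.2.44:60000 (2 data bytes)",
]

LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) [\d:]{8} \S+ iplog\[\d+\]: "
    r"UDP: dgram to port (?P<dport>\d+) from (?P<src>\S+):(?P<sport>\d+) "
    r"\((?P<size>\d+) data bytes\)$"
)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse(line):
    """Return a dict for an iplog UDP line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["day"] = " ".join(rec["day"].split())  # syslog pads single-digit days
    for key in ("dport", "sport", "size"):
        rec[key] = int(rec[key])
    return rec

def source_group(src):
    """Group by last two DNS labels (naive); keep unresolved IPs whole."""
    return src if IPV4_RE.match(src) else ".".join(src.split(".")[-2:])

def summarize(lines, dport=2140):
    """Count datagrams to dport per day, per source group, per packet shape."""
    per_day, per_source, shapes = Counter(), Counter(), Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["dport"] != dport:
            continue
        per_day[rec["day"]] += 1
        per_source[source_group(rec["src"])] += 1
        shapes[(rec["sport"], rec["size"])] += 1
    return per_day, per_source, shapes

if __name__ == "__main__":
    for name, counts in zip(("day", "source", "sport/size"), summarize(SAMPLE_LOG)):
        print(name, dict(counts))
```
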