Security Incidents mailing list archives
Re: Port 9704
From: Harry Behrens <Harry () BEHRENS COM>
Date: Thu, 12 Oct 2000 09:58:21 +0900
it's a trojan horse: check /etc/identd.conf for s.th like 9704..... /bin/sh.... I still haven't figured out which script is behind this, but it's a script kiddie's toolbox thing: It hacks aftp daemon (only for Linux as far as I know) and then - leaves the trojan at 9704 - starts scanning around for similar ftp daemons. Regards, Harry
-----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Derek K. Sent: Wednesday, October 11, 2000 8:07 AM To: INCIDENTS () SECURITYFOCUS COM Subject: Port 9704 I never thought I'd do this... I'm seeing a lot of traffic from 2 mailservers - it's going out on port 9704 and going in on another box's 9704. I'm suspicious, and don't find any references to it around. The 9704->9704 makes me wonder if it isn't a hack of some kind. Any reponses are appreciated. Cheers, Derek K.
Current thread:
- Port 9704 Derek K. (Oct 11)
- Re: Port 9704 Harry Behrens (Oct 12)
- Re: Port 9704 Graeme Fowler (Oct 12)
- Re: Port 9704 Jose Nazario (Oct 12)