Security Incidents mailing list archives
Re: Port 555 scan
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Fri, 9 Feb 2001 18:16:33 -0700
So I went looking through my BlackICE logs, and found this:

59, 2001-02-08 21:09:50, 2003101, TCP trojan horse probe, 211.193.34.30, LINOO, 63.202.179.99, , port=555&name=Phase+Zero, 2, A

And sure enough, 211.193.34.30 is listening at port 27374. (The port Ramen uses to download itself onto new machines.) Perhaps there's a Ramen variant.

Anyone know what kind of command Ramen expects on 27374 before it will send itself? It would accept a few keystrokes from me, and then disconnect.

Ryan