Security Incidents mailing list archives
Trojans that use LDAP
From: "Gary Porter" <gary.porter () matcomcorp com>
Date: Tue, 15 Jan 2002 09:57:56 -0500
Are there any Trojans that communicate using LDAP? A machine on our internal network is trying to connect to "email-ds-3.c3pki.ch" on destination Port 389? That port (blocked by the firewall) is ostensibly used for the Lightweight Directory Access Protocol, but I know nothing about this service and I've been unsuccessful (using Sam Spade) in locating any information about the destination address. Is this the sign of a compromise or something more benign? Gary R. Porter Program Manager, CITS Mobile Training MATCOM Corporation 757-838-0212 (w) 757-897-5830 (m) gary.porter () matcomcorp com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Trojans that use LDAP Gary Porter (Jan 15)
- Re: Trojans that use LDAP Patrick Patterson (Jan 15)
- Re: Trojans that use LDAP Hugo van der Kooij (Jan 16)
- Re: Trojans that use LDAP Kevin . Reardon (Jan 18)
- Re: Trojans that use LDAP Stephen (Jan 19)
- <Possible follow-ups>
- Re: Trojans that use LDAP GeekSpooky (Jan 17)