Firewall Wizards mailing list archives
Trojan detection and open ports
From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Fri, 7 Sep 2001 02:06:57 -0700
Have a client whose laptop was recently infected by the new Magistr.B virus.

In investigating this problem, I noticed that this machine (Win98SE) had some mysterious open ports, in particular:

135: TCP
5053: TCP
7000: TCP
7000: UDP

135 I remember from somewhere as normal (a NetBIOS thing?) but lists I have call it "DCE endpoint resolution" which doesn't make any sense to me. None of the trojan port lists I reviewed showed anything on 5053, and 7000 is used by SubSeven, among others.

Using a trojan scanner didn't turn up anything. Anyone have any ideas what might be keeping those ports open?

Lastly - I was hoping to find some sort of tool that would scan for common open ports used by trojan programs, but the only anti-trojan tools I seem to be able to easily find are ones that run on the local PC. Any pointers to something that works like the various DDoS zombie scanners or the eEye CodeRed scanner?

Thanks,
Phil

--
Philip J. Koenig pjklist () ekahuna com
Electric Kahuna Systems -- Computers & Communications for the New Millenium

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards