Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: backdoor or bot?

From: "Calhoun, Heath" <CalhounH () GSCI STATE MS US>
Date: Wed, 27 Dec 2000 14:40:02 -0600
Try this website for SyGateTech.  They have a quick scan, stealth scan,
trojan scan
tcp scan and udp scan

http://scan.sygatetech.com/

Heath Calhoun

-----Original Message-----
From: Daniel Wittenberg [mailto:daniel-wittenberg () UIOWA EDU]
Sent: Wednesday, December 27, 2000 11:46 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: backdoor or bot?


Are there any good tools out there to scan a network for some of these known
backdoors/trojans?  Preferably something GPL and Linux, but anything known
would be nice...

Dan


From: Jon Lewis <jlewis () LEWIS ORG>
Reply-To: jlewis () LEWIS ORG
Date: Tue, 26 Dec 2000 22:23:49 -0500
To: INCIDENTS () SECURITYFOCUS COM
Subject: backdoor or bot?

I've noticed this on a few systems recently while scanning people back
who've been caught scanning for various services on certain networks I
manage.

$ telnet 211.118.21.87 22546
Trying 211.118.21.87...
Connected to 211.118.21.87.
Escape character is '^]'.

Property of PainKeeper !
Use with extreme care...
...incoming shell...

painkeeper login:

My guess is, this is a backdoor.

----------------------------------------------------------------------
Jon Lewis *jlewis () lewis org*|  I route
System Administrator        |  therefore you are
Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Previous By Date Next
Previous By Thread Next

Current thread: