Security Incidents mailing list archives
Re: what are these?
From: Chris.Adams () UK WORLDONLINE COM (Chris Adams)
Date: Mon, 20 Mar 2000 14:31:16 -0000
That's a btinternet dial up account. host-aaa-bbb-ccc-ddd () btinternet com where aaa.bbb.ccc.ddd is the dynamically assigned IP address. Chris. -----Original Message----- From: Fernando Cardoso [mailto:fernando () BN PT] Sent: 17 March 2000 08:45 To: INCIDENTS () SECURITYFOCUS COM Subject: Re: what are these? Deep Throat trojan uses UDP ports 2140 and 60000 (not sure what's the server and the client). Probably someone inside your network is using it or someone in a btinternet.com dialup account is trying to access an infected host inside your network. Fernando ______________________________________________ Fernando Cardoso Network Administrator National Library of Portugal
What are generating these and why do they (mostly) seem to come from btinternet.com (sidebar - why don't BT ever bother to answer my questions)? This is a small sample, I get varying numbers of these every day. Mar 16 21:23:13 gate iplog[10085]: UDP: dgram to port 2140 from host213-1-128-105.btinternet.com:60000 (2 data bytes) Mar 16 22:34:38 gate iplog[10085]: UDP: dgram to port 2140 from host5-99-47-84.btinternet.com:60000 (2 data bytes) Mar 16 23:18:14 gate iplog[10085]: UDP: dgram to port 2140 from host62-6-69-21.btinternet.com:60000 (2 data bytes) -- Dirk-Jan Koopman, Tobit Computer Co Ltd At the source of every error which is blamed on the computer you will find at least two human errors, including the error of blaming it on the computer.
Current thread:
- what are these? Dirk Koopman (Mar 16)
- Re: what are these? Peter Bates (Mar 17)
- syslogd exploit? (fwd) Bill Cassady (Mar 20)
- Re: syslogd exploit? (fwd) Erich Meier (Mar 22)
- Re: syslogd exploit? (fwd) Pavel Kankovsky (Mar 22)
- Re: syslogd exploit? (fwd) Jeffrey F. Lawhorn (Mar 22)
- Re: what are these? Imran Ghory (Mar 21)
- <Possible follow-ups>
- Re: what are these? Fernando Cardoso (Mar 17)
- Re: what are these? Chris Adams (Mar 20)