Security Incidents mailing list archives

UAAC Protocol ?


From: "Clarke, Suzy" <suzy.clarke () cgey com>
Date: Wed, 26 Jun 2002 09:42:46 +0100

Hi all,

Last year the XC telnetd worm infected machines running the BSD-based telnet
daemon. Amongst other things it installed a rootshell backdoor on TCP port
145.

This port is reserved for a service called "UAAC" [it's defined by default
in FreeBSD's /etc/services file].
Does anyone have any idea what it's legitimately used for?

I've checked the RFCs and done a Google search but they haven't turned up
anything. In several port listings a David Gomberg at Mitre
[gomberg () gateway mitre org] is listed as the contact for this service but
mail to that address bounces. I was also referred to him by IANA. Does
anyone have an alternate email for him?

I contacted Ryan Russell at Sec Focus as he did the original XC worm
analysis but he doesn't know what UAAC is used for either.

If you've got any ideas or info please let me know.
Thanks,
Suzy


