Security Incidents mailing list archives
RE: Any tcp/608 activity?
From: "Garramone, Michael (CCI-Las Vegas)" <Michael.Garramone () cox com>
Date: Wed, 4 Sep 2002 11:30:33 -0400

Last week I received spam complaints against 4 different customers, all the same message and all with no knowledge of the incident. The only similarity I could find was port 608 open on each user's machine. Telnet to this port returned a number sequence, and successive telnets increased the number returned. Each customer found a trojan/backdoor installed, but not all the same one.

-----Original Message-----
From: Andrey G. Sergeev (AKA Andris) [mailto:andris () aernet ru]
Sent: Saturday, August 31, 2002 10:06 AM
To: Incidents List
Subject: Any tcp/608 activity?

Hello!

Has anyone here seen *any* activity, either legal or suspicious, on TCP port 608 for, say, the past 3 months?

My question _isn't related_ to Sender-Initiated/Unsolicited File Transfer proto (RFC 1440) although I'm still interested in your comments if you're using this service and have some records in the SIFT-UFT daemon logs saying something like "Unrecognized command", "Invalid data", "Bad request" and so on.

Thanks.

--
Yours sincerely,
Andrey G. Sergeev (AKA Andris)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Current thread:
- Any tcp/608 activity? Andrey G. Sergeev (AKA Andris) (Sep 02)
- Re: Any tcp/608 activity? Johannes Ullrich (Sep 02)
- <Possible follow-ups>
- RE: Any tcp/608 activity? Garramone, Michael (CCI-Las Vegas) (Sep 04)
- RE: Any tcp/608 activity? Garramone, Michael (CCI-Las Vegas) (Sep 05)