Security Incidents mailing list archives
Re: What's on udp/2002 ?
From: <rewt () eghetto ca>
Date: Wed, 18 Sep 2002 15:49:07 -0300 (ADT)
I was looking through the source of one of those apache-ssl worms that have been kicking around recently. I'm not sure of the name of this one; I got it through a friend. He had found it on a compromised machine. Anyway, this part of the source might give you a clue...

--CUT--
#define PORT 2002
--CUT--

It looks like this thing uses port 2002 to communicate in its peer-to-peer way. You might want to check your machines for that worm. If recent posts are correct, then you should find a 'bugtraq' process running on the infected machine.

If you want to look at the source, contact me and I can forward it to you. Otherwise a quick google search should help out.

Cheers.

Jonathan Freedman
Packet Mountain, Ltd

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
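The host check suggested in the message above, as an added example that is not part of the original post: it parses Linux `/proc/net/udp` for a socket bound to port 2002 and lists processes whose name contains `bugtraq`. The sample data is constructed, and the function names and the reliance on the Linux `/proc` layout are assumptions of this example.

```python
import os

WORM_PORT = 2002        # from the "#define PORT 2002" line quoted in the post
WORM_COMM = "bugtraq"   # process name mentioned in the post

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 00000000:07D2 00000000:0000 07 00000000:00000000 00:00000000 00000000    48        0 41822 2 0000000000000000 0
   1: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 10311 2 0000000000000000 0
"""
SAMPLE_COMMS = {1: "init\n", 900: "httpd\n", 4242: "bugtraq\n"}  # constructed

def udp_sockets_on_port(proc_net_udp, port=WORM_PORT):
    """Return [(local_ip, inode)] for IPv4 UDP sockets bound to `port`."""
    hits = []
    for line in proc_net_udp.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        hex_ip, hex_port = fields[1].split(":")         # HEXIP:HEXPORT
        if int(hex_port, 16) != port:
            continue
        # Address bytes are stored little-endian (assumes an x86-style host).
        octets = [str(int(hex_ip[i:i + 2], 16)) for i in (6, 4, 2, 0)]
        hits.append((".".join(octets), int(fields[9])))  # field 9 is the inode
    return hits

def processes_named(comm_by_pid, name=WORM_COMM):
    """Return sorted PIDs whose command name contains `name`."""
    return sorted(pid for pid, comm in comm_by_pid.items() if name in comm)

def read_live():
    """Collect the same two inputs from a live Linux /proc."""
    with open("/proc/net/udp") as f:
        udp = f.read()
    comms = {}
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                with open(f"/proc/{entry}/comm") as f:
                    comms[int(entry)] = f.read()
            except OSError:
                pass                                    # process exited mid-scan
    return udp, comms

if __name__ == "__main__":
    live = os.path.exists("/proc/net/udp")
    udp, comms = read_live() if live else (SAMPLE_UDP, SAMPLE_COMMS)
    print("udp/%d sockets:" % WORM_PORT, udp_sockets_on_port(udp))
    print("'%s' processes:" % WORM_COMM, processes_named(comms))
```

A process-name match is only a hint, since a name is easy to change; the bound socket on udp/2002 is the stronger signal. IPv6 sockets live in `/proc/net/udp6` and are not covered here.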