Security Incidents mailing list archives
RE: tcp/1274 scans
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Sat, 17 May 2003 22:37:07 +1200
-----Original Message----- From: Aaron Cheek [mailto:aaron_cheek () yahoo com] Sent: Friday, 16 May 2003 11:44 a.m. To: incidents () securityfocus com Subject: tcp/1274 scans Hi again. Thanks for your hints about port tcp/554 and the Real Server vulnerability. Now I'm trying to find some info about tcp/1274, which according to IANA is t1distproc. Unfortunately I have not been able to find any info about t1distproc or the reason for those scans.
TCP port 1274 should be used by Pulpit backdoor. It's a simple trojan which installs listener on TCP ports 1272, 1274 and 1276. After that an remote intruder has simple controls over infected system. This could be related to your scans. I didn't find info about this trojan on usual anti-virus sites, but you can see something at the following URL: http://www.ultrasoftware.net/viruslist/descr.asp?id=101 Best regards, Bojan Zdrnja ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
Current thread:
- tcp/1274 scans Aaron Cheek (May 15)
- RE: tcp/1274 scans Bojan Zdrnja (May 17)