
RE: High port UDP probe?





>> On Tue, 25 Apr 2000, Damian Gerow wrote:
>> 
>> > Apr 24 08:48:01 <hostname> kernel: Packet log: unserved DENY eth0
>> > PROTO=UDP 149.225.113.35:31790 xxx.xxx.xxx.xxx:31789 L=29:9 S=0x00
>> > I=64598 T=115
>> 
>> Apr 24 03:09:29 <x> kernel: IP fw-in deny eth0:109 UDP 
>> 194.133.34.166:10654 <y>:31789 L=29
>> S=0x00 I=24583 F=0x0000 T=114
>> 
>> Getting them here, too. Differing sources.
>> 
>> Is it known which service/trojan they are looking for, yet?
>
>I don't know.  I checked for trojans, and for known port numbers, and
>came up with nothing.

Hi,

It might be the Hack'a'Tack trojan. The information about the ports 31785,
31788, 31789, 31790, 31791, 31792 has been somewhat unreliable sometimes. 

Cheers,
Joakim

Joakim von Braun         phone +46-(0)8-428 95 05
von Braun Consultants  cell phone +46-(0)709-56 16 42
Kristinehovsgatan 14
SE-117 29 Stockholm,  SWEDEN
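
An added example, not part of the original message: a small log filter that reads both kernel log styles quoted in the thread and groups denied UDP packets by the ports listed in the reply. The function names are hypothetical, the first two sample lines are the thread's own entries unwrapped onto one line each, and the last two are constructed.

```python
import re
from collections import defaultdict

# Ports listed in the reply above as possibly Hack'a'Tack.
SUSPECT_PORTS = {31785, 31788, 31789, 31790, 31791, 31792}

# One pattern for both kernel log styles quoted in the thread:
#   "... DENY eth0 PROTO=UDP src:sport dst:dport ..."
#   "... deny eth0:109 UDP src:sport dst:dport ..."
# PROTO=17 (the numeric form of UDP) is accepted as well.
UDP_RE = re.compile(
    r"(?:PROTO=(?:UDP|17)|\bUDP)\s+(\S+):(\d+)\s+(\S+):(\d+)")

def parse_udp(line):
    """Return (src, sport, dst, dport) for a logged UDP packet, else None."""
    m = UDP_RE.search(line)
    if m is None:
        return None
    return m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def suspect_probes(lines):
    """Map each suspect destination port to the sorted sources that hit it."""
    hits = defaultdict(set)
    for line in lines:
        pkt = parse_udp(line)
        if pkt and pkt[3] in SUSPECT_PORTS:
            hits[pkt[3]].add(pkt[0])
    return {port: sorted(srcs) for port, srcs in hits.items()}

# Entries 1-2: log lines from the thread, unwrapped. Placeholders kept as posted.
# Entries 3-4: constructed noise (192.0.2.0/24 is a documentation range).
SAMPLE = [
    "Apr 24 08:48:01 <hostname> kernel: Packet log: unserved DENY eth0 "
    "PROTO=UDP 149.225.113.35:31790 xxx.xxx.xxx.xxx:31789 L=29:9 S=0x00 "
    "I=64598 T=115",
    "Apr 24 03:09:29 <x> kernel: IP fw-in deny eth0:109 UDP "
    "194.133.34.166:10654 <y>:31789 L=29 S=0x00 I=24583 F=0x0000 T=114",
    "Apr 24 03:10:02 <x> kernel: IP fw-in deny eth0 TCP "
    "192.0.2.10:1025 <y>:23 L=44 S=0x00 I=100 F=0x0000 T=60",
    "Apr 24 03:11:40 <x> kernel: IP fw-in deny eth0 UDP "
    "192.0.2.20:1030 <y>:53 L=60 S=0x00 I=101 F=0x0000 T=60",
]

if __name__ == "__main__":
    for port, sources in suspect_probes(SAMPLE).items():
        print(port, len(sources), sources)
```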