OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: what are these?
From: Chris Adams (Chris.AdamsUK.WORLDONLINE.COM)
Date: Mon Mar 20 2000 - 08:31:16 CST

That's a btinternet dial up account.

host-aaa-bbb-ccc-dddbtinternet.com where aaa.bbb.ccc.ddd is the dynamically
assigned IP address.

Chris.

-----Original Message-----
From: Fernando Cardoso [mailto:fernandoBN.PT]
Sent: 17 March 2000 08:45
To: INCIDENTSSECURITYFOCUS.COM
Subject: Re: what are these?

Deep Throat trojan uses UDP ports 2140 and 60000 (not sure what's the
server and the client). Probably someone inside your network is using it
or someone in a btinternet.com dialup account is trying to access an
infected host inside your network.

Fernando

______________________________________________
Fernando Cardoso
Network Administrator
National Library of Portugal

>
>
> What are generating these and why do they (mostly) seem to come from
> btinternet.com (sidebar - why don't BT ever bother to answer
> my questions)?
>
> This is a small sample, I get varying numbers of these every day.
>
> Mar 16 21:23:13 gate iplog[10085]: UDP: dgram to port 2140 from
> host213-1-128-105.btinternet.com:60000 (2 data bytes)
> Mar 16 22:34:38 gate iplog[10085]: UDP: dgram to port 2140 from
> host5-99-47-84.btinternet.com:60000 (2 data bytes)
> Mar 16 23:18:14 gate iplog[10085]: UDP: dgram to port 2140 from
> host62-6-69-21.btinternet.com:60000 (2 data bytes)
>
> --
> Dirk-Jan Koopman, Tobit Computer Co Ltd
> At the source of every error which is blamed on the computer
> you will find
> at least two human errors, including the error of blaming it
> on the computer.
>