OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Stephen (sa7oritasam.com)
Date: Sun Nov 04 2001 - 20:39:28 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    <RANT>
    I dont want to sound like a pompous arse, but I think we should be
    careful with asking questions like this. In the tradition of making
    oversimilified and romantic analogies to the biological world, the
    internet, and the world's public networks are like forrests. There is a
    certain degree of chaos and a certain degree of natural order to their
    basic operation. the chaos factor comes from the human interaction with
    teh technology.
    </RANT>

    Trojans, and backdoors are equally as unpredictable. you
    can with one line (in inetd) append a line binding a shell to ANY port.
    You can write ANY number of programs or scripts to do the same on
    unprivileged ports without root. from the network stuff like that is even
    less predicatable because of the plethora of client connection initiation
    done BEHIND the firewall. some innocuous client software could use the
    higher port numbers for nonpassive communication or something. it could be
    anything. have you tried to connect to the host targeted on that port?
    throwing shell commands at it? if you have console access to teh machine,
    look at all process, if there is a live connection, sniff it. the
    wilderness of our networks can be incredibly dynamic, we have to cope with
    this, and be innovative and dilligent in our conquest to grok the vast
    expanse of information. do your part to contribute to the
    "bodiless exhultation that is the matrix". heh. oi. BRAAAAAAZIILLLLLLLL!.

    On Sun, 4 Nov 2001 bonkwebchat.chatsystems.com
    wrote:

    >
    >
    > Anyone know what trojans/backdoors run on 22634, 24544 and 29319 ?
    > Snort.org doesn't list these.
    >
    >
    >
    >
    >
    > 80 24.23.170.219 http Nov 4 03:56:14
    > 80 24.23.19.114 http Nov 4 03:13:24
    > 80 24.23.170.219 http Nov 4 02:57:32
    > 80 24.23.170.219 http Nov 4 02:57:29
    > 80 24.23.170.219 http Nov 4 02:44:27
    > 80 24.23.170.219 http Nov 4 02:08:54
    > 80 24.23.170.219 http Nov 4 02:08:51
    > 80 24.100.151.92 http Nov 4 02:01:11
    > 80 24.100.151.92 http Nov 4 02:01:08
    > 80 24.214.18.131 http Nov 4 00:57:24
    > 80 67.164.189.42 http Nov 4 00:16:15
    > 25 67.164.189.42 smtp Nov 4 00:16:14
    > 110 67.164.189.42 pop3 Nov 4 00:16:14
    > 21 67.164.189.42 ftp Nov 4 00:16:13
    > 7 67.164.189.42 echo Nov 4 00:16:13
    > 53 67.164.189.42 domain Nov 4 00:16:09
    > 22634 24.254.60.19 unknown Nov 3 23:49:26
    > 22634 24.254.60.19 unknown Nov 3 23:48:26
    > 22634 24.254.60.19 unknown Nov 3 23:47:26
    > 22634 24.254.60.19 unknown Nov 3 23:46:26
    > 22634 24.254.60.19 unknown Nov 3 23:45:26
    > 22634 24.254.60.19 unknown Nov 3 23:44:26
    > 22634 24.254.60.19 unknown Nov 3 23:43:26
    > 22634 24.254.60.19 unknown Nov 3 23:42:26
    > 22634 24.254.60.19 unknown Nov 3 23:41:53
    > 22634 24.254.60.19 unknown Nov 3 23:41:36
    > 22634 24.254.60.19 unknown Nov 3 23:41:28
    > 80 24.23.170.219 http Nov 3 23:39:37
    > 80 24.51.8.166 http Nov 3 22:57:26
    > 80 24.51.8.166 http Nov 3 22:57:23
    > 80 24.23.170.219 http Nov 3 22:47:18
    > 80 24.23.170.219 http Nov 3 22:47:15
    > 21 80.11.127.241 ftp Nov 3 22:39:47
    > 21 80.11.127.241 ftp Nov 3 22:39:41
    > 80 24.23.19.114 http Nov 3 22:29:26
    > 80 24.23.19.114 http Nov 3 22:29:23
    > 80 24.23.170.219 http Nov 3 22:13:45
    > 80 24.23.170.219 http Nov 3 22:01:43
    > 80 24.23.170.219 http Nov 3 22:01:40
    > 80 24.23.19.114 http Nov 3 21:30:41
    > 80 24.23.19.114 http Nov 3 21:30:38
    > 27374 24.19.71.108 Sub7 Nov 3 21:18:13
    > 27374 24.19.71.108 Sub7 Nov 3 21:18:01
    > 27374 24.19.71.108 Sub7 Nov 3 21:17:55
    > 27374 24.19.71.108 Sub7 Nov 3 21:17:52
    > 80 24.23.19.114 http Nov 3 20:44:14
    > 80 24.23.19.114 http Nov 3 20:44:11
    > 80 24.23.19.114 http Nov 3 20:34:55
    > 80 24.23.19.114 http Nov 3 20:34:52
    > 80 24.23.19.114 http Nov 3 20:18:01
    > 80 24.23.19.114 http Nov 3 20:17:58
    > 80 24.23.170.219 http Nov 3 20:17:05
    > 80 24.23.170.219 http Nov 3 20:10:24
    > 80 24.23.170.219 http Nov 3 20:10:22
    > 34554 24.254.60.39 unknown Nov 3 20:01:40
    > 80 24.23.170.219 http Nov 3 20:01:04
    > 80 24.23.170.219 http Nov 3 20:01:02
    > 34554 24.254.60.39 unknown Nov 3 20:00:40
    > 34554 24.254.60.39 unknown Nov 3 19:59:40
    > 34554 24.254.60.39 unknown Nov 3 19:58:40
    > 34554 24.254.60.39 unknown Nov 3 19:57:40
    > 34554 24.254.60.39 unknown Nov 3 19:56:40
    > 34554 24.254.60.39 unknown Nov 3 19:55:40
    > 34554 24.254.60.39 unknown Nov 3 19:55:02
    > 34554 24.254.60.39 unknown Nov 3 19:54:43
    > 34554 24.254.60.39 unknown Nov 3 19:54:33
    > 53 202.138.113.150 domain Nov 3 19:54:12
    > 53 202.138.113.150 domain Nov 3 19:54:06
    > 53 202.138.113.150 domain Nov 3 19:54:03
    > 27374 24.156.37.3 Sub7 Nov 3 19:42:12
    > 27374 24.156.37.3 Sub7 Nov 3 19:42:06
    > 27374 24.156.37.3 Sub7 Nov 3 19:42:02
    > 80 24.23.19.114 http Nov 3 19:23:08
    > 80 24.23.19.114 http Nov 3 19:23:05
    > 111 211.112.143.2 sunrpc Nov 3 19:22:33
    > 80 24.23.19.114 http Nov 3 19:21:11
    > 80 24.23.19.114 http Nov 3 19:21:07
    > 80 24.23.19.114 http Nov 3 19:11:52
    > 80 24.23.19.114 http Nov 3 19:11:49
    > 80 24.16.82.182 http Nov 3 16:25:40
    > 80 24.16.82.182 http Nov 3 16:25:37
    > 80 24.12.210.113 http Nov 3 15:50:57
    > 80 24.12.210.113 http Nov 3 15:50:54
    > 29319 24.254.60.33 unknown Nov 3 10:13:09
    > 29319 24.254.60.33 unknown Nov 3 10:12:09
    > 29319 24.254.60.33 unknown Nov 3 10:11:09
    > 29319 24.254.60.33 unknown Nov 3 10:10:09
    > 29319 24.254.60.33 unknown Nov 3 10:09:09
    > 29319 24.254.60.33 unknown Nov 3 10:08:09
    > 29319 24.254.60.33 unknown Nov 3 10:07:09
    > 29319 24.254.60.33 unknown Nov 3 10:06:33
    > 29319 24.254.60.33 unknown Nov 3 10:06:15
    > 29319 24.254.60.33 unknown Nov 3 10:06:06
    > 80 213.96.11.21 http Nov 3 09:52:33
    > 515 157.238.46.30 printer Nov 3 08:15:20
    > 515 157.238.46.30 printer Nov 3 08:15:17
    > 111 211.100.18.45 sunrpc Nov 3 07:54:16
    > 111 211.100.18.45 sunrpc Nov 3 07:54:13
    > 80 24.234.87.155 http Nov 3 06:15:40
    > 80 24.234.87.155 http Nov 3 06:15:37
    >
    >
    >
    >
    > Bonk
    > Bonkcyberabuse.org
    >
    >
    > ================================================
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com