From: Glenn Forbes Fleming Larratt (glratt rice.edu)
Date: Sun Nov 04 2001 - 21:28:29 CST
You might look at (and provide) what they're using for a "source" port -
I've seen numerous "reverse http" and "reverse telnet" scans, where
a source port of 80 or 23 is used. Such an approach could fool
a stateless firewall or IDS.
-g
On Sun, 4 Nov 2001 bonk webchat.chatsystems.com wrote:
> Anyone know what trojans/backdoors run on 22634, 24544 and 29319 ?
> Snort.org doesn't list these.
:
:
:
> 22634 24.254.60.19 unknown Nov 3 23:49:26
> 22634 24.254.60.19 unknown Nov 3 23:48:26
> 22634 24.254.60.19 unknown Nov 3 23:47:26
> 22634 24.254.60.19 unknown Nov 3 23:46:26
> 22634 24.254.60.19 unknown Nov 3 23:45:26
> 22634 24.254.60.19 unknown Nov 3 23:44:26
> 22634 24.254.60.19 unknown Nov 3 23:43:26
> 22634 24.254.60.19 unknown Nov 3 23:42:26
> 22634 24.254.60.19 unknown Nov 3 23:41:53
> 22634 24.254.60.19 unknown Nov 3 23:41:36
> 22634 24.254.60.19 unknown Nov 3 23:41:28
Glenn Forbes Fleming Larratt
Rice University Network Management
glratt rice.edu
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
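
Added example, not part of the original thread: a small Python model of the point made in the reply above, showing why a per-packet rule keyed on source port 80 or 23 admits a bare SYN that a connection-tracking filter drops, together with the matching IDS heuristic. The function and class names, the addresses, and the use of 22634 as a destination port are assumptions made for illustration.

```python
from dataclasses import dataclass

REPLY_PORTS = {80, 23}  # source ports named in the post (http, telnet)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset  # TCP flags set on the segment

def stateless_allows(pkt):
    # Per-packet rule: "inbound from port 80/23 must be a server reply".
    return pkt.src_port in REPLY_PORTS

class StatefulFilter:
    def __init__(self):
        self.flows = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def note_outbound(self, pkt):
        self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))

    def allows_inbound(self, pkt):
        # Admit only segments that answer a connection opened from inside.
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows

def is_reverse_scan(pkt):
    # A real reply carries ACK; a bare SYN from a "server" port is a probe.
    return pkt.src_port in REPLY_PORTS and "SYN" in pkt.flags and "ACK" not in pkt.flags

def evaluate(outbound, inbound):
    # Returns (stateless verdict, stateful verdict, IDS flag) per inbound packet.
    fw = StatefulFilter()
    for pkt in outbound:
        fw.note_outbound(pkt)
    return [(stateless_allows(p), fw.allows_inbound(p), is_reverse_scan(p)) for p in inbound]

# Constructed sample traffic (documentation address ranges, not taken from the post).
INSIDE, WEB, SCANNER = "192.0.2.10", "198.51.100.80", "203.0.113.5"
OUTBOUND = [Packet(INSIDE, 40000, WEB, 80, frozenset({"SYN"}))]
INBOUND = [
    Packet(WEB, 80, INSIDE, 40000, frozenset({"SYN", "ACK"})),  # genuine reply
    Packet(SCANNER, 80, INSIDE, 22634, frozenset({"SYN"})),     # probe, source port 80
    Packet(SCANNER, 23, INSIDE, 22634, frozenset({"SYN"})),     # probe, source port 23
]

if __name__ == "__main__":
    for pkt, verdict in zip(INBOUND, evaluate(OUTBOUND, INBOUND)):
        print(pkt.src_ip, pkt.src_port, "->", pkt.dst_port, verdict)
```

All three inbound packets pass the stateless rule; only the genuine reply passes the stateful one, and both probes are flagged by the heuristic.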