|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Nick FitzGerald (nick
virus-l.demon.co.uk)Date: Wed Nov 07 2001 - 13:45:08 CST
<bonkwebchat.chatsystems.com> wrote:
> Anyone know what trojans/backdoors run on 22634, 24544 and 29319 ?
> Snort.org doesn't list these.
This style of reply is seldom accepted for posting, but it should be
remembered that only knowing the attempted port is a **very, very
poor** diagnostic. Most of the modern RATs, bots, etc and
nearly all of the widely used ones, allow the ports they run on to be
configured. Thus, only knowing "port X was scanned" and "port X is
the default port for <some RAT>" does not tell you much. Further,
few of the IDSes, etc do traffic analysis to better detect which RAT,
bot, etc may be involved *and* of those that do, few do so for more
than a tiny fraction of the RATs.
-- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]