|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: David U. (davidu_at_everydns.net)
Date: Mon Sep 09 2002 - 18:47:41 CDT
Jeremy Junginger wrote:
> Maybe this?
> http://www.simovits.com/trojans/tr_data/y921.html
I believe Konik ran over TCP not UDP.
Additionally, given the nature of the trojan, it is unlikely that it would
cause "a lot of activity."
Some questions are:
Is this traffic inbound or outbound?
Is the traffic to many hosts or very few hosts?
Is the traffic valid? (ie: non-rfc1918, etc)
-davidu
> -----Original Message-----
> From: Greg Schmidt [mailto:gschmidt
wustl.edu]
> Sent: Monday, September 09, 2002 2:24 PM
> To: incidentssecurityfocus.com
> Subject: UDP port 22321
>
>
> We have seen a lot of activity from some of our students on udp port
> 23321 lately. Does anyone know what this might be? Thanks.
>
> Greg
>
>
> ------------------------------------------------------------------------
> ----
> This list is provided by the SecurityFocus ARIS analyzer service. For
> more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]