[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: what attack is this ?
BO and friends are configurable via boconfig which comes with the trojan. Might be
looking
for it in some user defined ports .... ( Can you get the packets themselves? )
Oren
Itamar S.-T. wrote:
> Erez Doron wrote:
>
> > my firewall logs show someone (192.114.175.59:1117)
> > that sent udp packets to all our computers to
> > ports 22 and 5632.
> > i know port 22 is for ssh, but is it udp or tcp ?
> > i have no idea about port 5632 though.
>
> While we're at, where can I find a more complete resource of ports than
> /etc/services? My firewall denies all kinds of interesting things, of which I
> recognize only BO at 31337.
>
> --
> Whole Pop Magazine Online - this issue Motorcycles & Teddy Bears
> Pop Culture, Games and more at http://www.wholepop.com/
> Itamar, itamars@ibm.net