[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: what attack is this ?



BO and friends are configurable via boconfig which comes with the trojan. Might be
looking
for it in some user defined ports  .... ( Can you get the packets themselves? )

                                                            Oren

Itamar S.-T. wrote:

> Erez Doron wrote:
>
> > my firewall logs show someone (192.114.175.59:1117)
> > that sent udp packets to all our computers to
> > ports 22 and 5632.
> > i know port 22 is for ssh, but is it udp or tcp ?
> > i have no idea about port 5632 though.
>
> While we're at, where can I find a more complete resource of ports than
> /etc/services?  My firewall denies all kinds of interesting things, of which I
> recognize only BO at 31337.
>
> --
> Whole Pop Magazine Online - this issue Motorcycles & Teddy Bears
> Pop Culture, Games and more at http://www.wholepop.com/
> Itamar, itamars@ibm.net