>Okay I am getting this way strange things happening, which looks
>quite unusual from my side of the network
>
>we have first one of our dns connections, connecting to us as
>follows
>
>Their side          Our Side
>UDP x.x.x.x:53  ->  y.y.y.y:2140
>
>This is the only port it's connecting to, to any of our machines.
>
Hi,
If I get it right the probes are directed against your UDP port 2140. My
guess is it's someone using either one of the trojans "Deep Throat" or
"F0replay". Perhaps it could be "The Invasor" as well. Deep Throat works on
Windows 95, 98 and NT and may also use UDP port 3150. It could be
password protected by a hacker who successfully made someone inside your
network execute the file, but there exists a Global Password Backdoor so
everyone on the Net can get in.
Take a look at http://www.simovits.com/nyheter9902.html and you'll find a
huge list of default ports used by trojans. I take the blame for the
incorrect information about port 2140 as Deep Throat actually uses UDP on
this one.
Cheers,
Joakim
Joakim von Braun phone +46-(0)709-56 16 42
von Braun Consultants
Kristinehovsgatan 14
SE-117 29 Stockholm, SWEDEN
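
An added example, not part of the original message: when triaging UDP traffic to the ports named above (2140, 3150), it helps to separate packets that answer a recent outbound packet from the same inside host and port (for example a reply from port 53) from packets that arrive unsolicited. The log format, the addresses, the `10.` internal prefix and the 30-second window are constructed assumptions.

```python
import re
from collections import namedtuple

# Ports named in the message above for Deep Throat (UDP 2140, possibly 3150).
WATCHED_PORTS = {2140, 3150}
WINDOW = 30  # seconds an outbound packet "excuses" a reply; assumed value

Pkt = namedtuple("Pkt", "ts src sport dst dport")

# Constructed log format: "<epoch> UDP <src>:<sport> -> <dst>:<dport>"
LINE = re.compile(r"^(\d+) UDP (\S+):(\d+) -> (\S+):(\d+)$")

# Constructed sample data (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
1000 UDP 10.0.0.5:2140 -> 192.0.2.53:53
1001 UDP 192.0.2.53:53 -> 10.0.0.5:2140
1500 UDP 192.0.2.53:53 -> 10.0.0.7:2140
1501 UDP 198.51.100.9:60000 -> 10.0.0.7:3150
1502 UDP 192.0.2.53:53 -> 10.0.0.7:4000
"""

def parse(log):
    """Yield a Pkt for every line that matches the constructed format."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, src, sport, dst, dport = m.groups()
            yield Pkt(int(ts), src, int(sport), dst, int(dport))

def unsolicited(log, internal_prefix="10."):
    """Return inbound packets to watched ports with no recent matching outbound packet."""
    last_out = {}  # (inside ip, inside port, outside ip, outside port) -> last outbound ts
    hits = []
    for p in parse(log):
        if p.src.startswith(internal_prefix):
            last_out[(p.src, p.sport, p.dst, p.dport)] = p.ts
        elif p.dst.startswith(internal_prefix) and p.dport in WATCHED_PORTS:
            seen = last_out.get((p.dst, p.dport, p.src, p.sport))
            if seen is None or p.ts - seen > WINDOW:
                hits.append(p)
    return hits

if __name__ == "__main__":
    for p in unsolicited(SAMPLE_LOG):
        print(f"{p.ts} unsolicited UDP {p.src}:{p.sport} -> {p.dst}:{p.dport}")
```

Hosts that receive unsolicited packets on these ports are the ones to check for a listening process on UDP 2140 or 3150.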