Trojan port list (was: Hey Guys).

Wed, 9 Feb 2000 13:14:43 -0800 

Does anyone have handy a list all the ports that the servers for these
trojans live on? This would be useful information for creating a firewall
rule that drops all inbound packets destined for such ports.

___________________________________________________________
Steve Riley
Microsoft Telecommunications Consulting in Denver, Colorado
   e-mail: mailto:[EMAIL PROTECTED]
   call/page: +1 303 521-4129 (cellular)
   SMS: mailto:[EMAIL PROTECTED] (100 characters)
   For MS Internet info see http://www.microsoft.com/isn/
Applying computer technology is simply finding the right wrench to pound in
the correct screw.


-----Original Message-----
From: Pablo Smiraglia [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 03, 2000 10:39 AM
To: Firewalls List (E-mail)
Subject: RE: Hey Guys.


Peter,

That port is used by a very nasty troyan: SubSeven 2.1 Gold. You can check
this out here: http://subseven.slak.org/

Hope it helps.
pablo
------------------------------------------------------------------------- 
Pablo Marcelo Smiraglia 
Lider de proyectos. 
DTE Inform�tica & Comunicaciones
Voice: +54-114-382-8555 
Fax:    +54-114-382-9073
e-mail: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> PGP Key: 0xF4A3E60B
------------------------------------------------------------------------- 

 



-----Original Message-----
From: Peter M [mailto:[EMAIL PROTECTED]]
Sent: Jueves, 03 de Febrero de 2000 02:22 p.m.
To: [EMAIL PROTECTED]
Subject: Hey Guys.


Over the last 2 days,

Ive been getting a lot of TCP packets going to port "27374" .. Not a udp nor
icmp.. just a normap tcp packet

Blocking incoming TCP: src=xx.x.xxx.xxx, dst=xx.xxx.xx.xxx, sport=3122,
dport=27374.

Sender Port changes... but destination stays the same.

Let me know guys.

Peter.


__________________________________________________________
Get your FREE personalized e-mail at http://www.canada.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to