>I get several hits on ports like > >TCP 202 >UDP 31789 > >The sender IP is usually different from time to time, sometimes people >in the US, Germany, Sweden - well basically all over the globe knocks >at these ports. I have never seen any trojan scans on port 202, but it could eithr be a new one or a wellknown trojan with one of its default ports changed. UDP 31789 is Hack`a`Tack, a Remote Access trojan written in May 1999. You can read more about it on the URL found below my address information. You�ll find that many of the IP adresses used are either spoofed or sent through mail proxies. Cheers, Joakim Joakim von Braun phone +46-(0)8-428 95 05 von Braun Consultants cell phone +46-(0)709-56 16 42 Kristinehovsgatan 14 SE-117 29 Stockholm, SWEDEN The Trojan Database: http://www.simovits.com/trojans/trojans.html - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
