Yeah, that is most likely the Torn rootkit vulnerability if I remember correctly...
I would say to start at maybe SANS [http://www.SANS.org/] as there should be an analysis of the vulnerability on there somewhere, maybe in the GIAC section...
Jarrett
-----Original Message-----
From: Sterling, Chuck [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 04, 2001 12:05
To: 'Fw-1-Mailinglist (E-mail)'
Subject: [FW1] Another port question: 47017/tcp, is it used by a trojan, etc.?
Importance: Low
Got a heavy scan a while back that used port 47017/tcp. Anybody know of a
trojan running on that port as a default, or any other info pertaining?
Thanks,
Chuck Sterling
System / Network Administrator
NASA White Sands Test Facility
Las Cruces, New Mexico, USA
505-524-5661
Magic is REAL, unless declared INTEGER
