http://www.simovits.com/trojans/tr_data/y358.html
"leon"
<[EMAIL PROTECTED] To: "'Richard Feaver'"
> <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
11/23/2001 cc:
09:53 PM Subject: RE: WIN2K Ports 32000 & 32001
Open
?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Why don't you get f-port or vision from foundstone.com and track down
the process that is bound to the port?
Regards,
Leon
- -----Original Message-----
From: Richard Feaver [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 5:38 AM
To: [EMAIL PROTECTED]
Subject: WIN2K Ports 32000 & 32001 Open ?
Greets all,
recently checking one of our Win2k boxes
i found ports 32000 and 32001 open
and listening for connections.
checking google i failed to find
much concerning port 32000 but i did
find a trojan called "Donald Dick" which
apparently runs on port 32001. Ive checked
official application port listings and those
port numbers are not registered so i can only
assume its a trojan of some sort.
Has anyone else had any experiance with these
port numbers or coudl offer any more advice
as to track down exactly what it is and how i
could go about curing the problem. I tried a
reboot aswell but they were still open on re-startup.
thank you,
rich
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBO/6pSdqAgf0xoaEuEQIeDACfct/JtOM6E2A0RxD52g7Ysq1m9KMAn374
w2dambja8M8xsBEfmsoqClhE
=8Zpl
-----END PGP SIGNATURE-----
