Hello, Was recently carrying out a vulnerability assessment at a clients network.
Have come across port no 2 /tcp on some of the W2K advanced servers. This was visible from the first portscan but could not see it on the next . It was kind of intermittent. I tried google for the same but could not come across any specific information regarding the Trojan. The only relevant info was the one at http://www.seifried.org/security/ports/0/2.html , which reports it as the death trojan. Would like to know if anyone has seen the same kind of activity anywhere and would be able to analyze the same. Let me know . Cheers, Shreerang Vaidya.
