>From the ports database at www.snort.org: Port 17300 / tcp Keyword Kuang2TheVirus Description [trojan] Kuang2 The Virus
http://www.dark-e.com/archive/trojans/kuang/tv/index.shtml http://vil.mcafee.com/dispVirus.asp?virus_k=10213& http://www.sans.org/search.php?config=sansphp&words=17300 Trevor Cushen Sysnet Ltd www.sysnet.ie Tel: +353 1 2983000 Fax: +353 1 2960499 -----Original Message----- From: Charles Hamby [mailto:[EMAIL PROTECTED]] Sent: 19 February 2003 03:50 To: [EMAIL PROTECTED] Subject: Re: Strange Connection Attempts I've been seeing 17300 scans from many places outside of Asia, actually. I just had one today that I traced back to somewhere around LA, so they definitely are getting to other time zones, I've been seeing scans from Comcast, AT&T, and a couple of others. But, as you say, in all of the packets I've captured, none of them have any payload. It's a little odd. -CDH -----Original Message----- From: Kinsey, Robert [mailto:[EMAIL PROTECTED]] Sent: Monday, February 17, 2003 2:39 PM Cc: '[EMAIL PROTECTED] ' Subject: RE: Strange Connection Attempts I also saw the 17300 (which is the port Kuang 2 the virus runs on). But they were all coming from Asia (about 0800 their time) and never progressed. I was thinking it was a launch attempt on the 14th but no other TZs showed up. My feeling is if these are all 0-byte length probes they aren't doing much. Just ensure these ports / services are set to drop the connections fitting the description. rk ************************************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this message in error please notify SYSNET Ltd., at telephone no: +353-1-2983000 or [EMAIL PROTECTED] **************************************************************************************