Re: Port 1981 UDP trojan/worm?

From: Joakim von Braun (joakim.von.braunat_private)
Date: Mon Apr 30 2001 - 12:18:31 PDT


    >Apr 25 15:31:11 ns1 kernel: Packet log: input DENY eth0 PROTO=17
    >207.199.68.253:61306 <my_ip>:1981 L=169 S=0x00 I=1741 F=0x0000 T=107
    >(#24)
    
    Port 1981 is known to be used by two Windows trojans: Shockrave and Bowl. I
    know the trojans use the two ports for TCP traffic, but at least one of
    them may well be using UDP as well.
    
    To read more about the two, take a look at the URL found below.
    
    Cheers
    Joakim
    
    
    
    Joakim von Braun         phone +46-(0)8-428 95 05
    von Braun Consultants  cell phone +46-(0)709-56 16 42
    Kristinehovsgatan 14
    SE-117 29 Stockholm,  SWEDEN
    
    The Trojan Database:  http://www.simovits.com/trojans/trojans.html
    



    This archive was generated by hypermail 2b30 : Tue May 01 2001 - 05:29:39 PDT