RE: Mystery web server trojan(?) on Windows ME

From: Vachon, Scott (Scott.Vachonat_private)
Date: Fri Jun 22 2001 - 10:44:36 PDT

Next message: Jason Burzenski: "RE: Probe for index server .ida"

Previous message: Aropalo Tommi: "Re: New maniac rootkit"
Maybe in reply to: Jeremy Anderson: "Mystery web server trojan(?) on Windows ME"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Hi folks,
> 
> One of my users is running WinME at home.  He reported that he thought his
> home machine had been hacked.
> 
> Running a portscan on the machine turned up the following:
> 
> 10.0.0.23           unknown            135/tcp unassigned
> 10.0.0.23           netbios-ssn        139/tcp # NETBIOS session server
> 10.0.0.23	    unknown	       4343/tcp unassigned
> 
> Attempting to telnet to port 4343 on this machine, I found what appeared
> to be a small webserver.<snip>

Got this from http://www.con.wesleyan.edu/~triemer/network/regports.html :


unicall 4343/tcp UNICALL 
unicall 4343/udp UNICALL 

~S~

Disclaimer: My own two cents

Next message: Jason Burzenski: "RE: Probe for index server .ida"
Previous message: Aropalo Tommi: "Re: New maniac rootkit"
Maybe in reply to: Jeremy Anderson: "Mystery web server trojan(?) on Windows ME"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 24 2001 - 19:50:12 PDT