Re: Firewall hits/unknown ports

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: Wed Nov 07 2001 - 11:45:08 PST


    <bonkat_private> wrote:
    
    > Anyone know what trojans/backdoors run on 22634, 24544 and 29319 ?
    > Snort.org doesn't list these.
    
    This style of reply is seldom accepted for posting, but it should be 
    remembered that only knowing the attempted port is a **very, very 
    poor** diagnostic.  Most of the modern RATs, bots, etc., and 
    nearly all of the widely used ones, allow the ports they run on to be 
    configured.  Thus, only knowing "port X was scanned" and "port X is 
    the default port for <some RAT>" does not tell you much.  Further, 
    few of the IDSes, etc. do traffic analysis to better detect which RAT, 
    bot, etc. may be involved *and* of those that do, few do so for more 
    than a tiny fraction of the RATs.
    
    
    -- 
    Nick FitzGerald
    Computer Virus Consulting Ltd.
    Ph/FAX: +64 3 3529854
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


