Are there any Trojans that communicate using LDAP? A machine on our internal network is trying to connect to "email-ds-3.c3pki.ch" on destination Port 389? That port (blocked by the firewall) is ostensibly used for the Lightweight Directory Access Protocol, but I know nothing about this service and I've been unsuccessful (using Sam Spade) in locating any information about the destination address. Is this the sign of a compromise or something more benign? Gary R. Porter Program Manager, CITS Mobile Training MATCOM Corporation 757-838-0212 (w) 757-897-5830 (m) gary.porterat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 15 2002 - 23:03:19 PST