Trojans that use LDAP

From: Gary Porter (gary.porterat_private)
Date: Tue Jan 15 2002 - 06:57:56 PST

Next message: Hugo van der Kooij: "Re: Trojans that use LDAP"

Previous message: Markus Stumpf: "Re: Matt Wright FormMail Attacks"
Next in thread: Patrick Patterson: "Re: Trojans that use LDAP"
Reply: Patrick Patterson: "Re: Trojans that use LDAP"
Reply: Hugo van der Kooij: "Re: Trojans that use LDAP"
Reply: GeekSpookyat_private: "Re: Trojans that use LDAP"
Reply: Kevin.Reardonat_private: "Re: Trojans that use LDAP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Are there any Trojans that communicate using LDAP?  A machine on our
internal network is trying to connect to
"email-ds-3.c3pki.ch" on destination Port 389?  That port (blocked by the
firewall) is ostensibly used for the Lightweight Directory Access Protocol,
but I know nothing about this service and I've been unsuccessful (using Sam
Spade) in locating any information about the destination address.  Is this
the sign of a compromise or something more benign?

Gary R. Porter
Program Manager, CITS Mobile Training
MATCOM Corporation
757-838-0212 (w)
757-897-5830 (m)
gary.porterat_private


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Hugo van der Kooij: "Re: Trojans that use LDAP"
Previous message: Markus Stumpf: "Re: Matt Wright FormMail Attacks"
Next in thread: Patrick Patterson: "Re: Trojans that use LDAP"
Reply: Patrick Patterson: "Re: Trojans that use LDAP"
Reply: Hugo van der Kooij: "Re: Trojans that use LDAP"
Reply: GeekSpookyat_private: "Re: Trojans that use LDAP"
Reply: Kevin.Reardonat_private: "Re: Trojans that use LDAP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 15 2002 - 23:03:19 PST