Trojans that use LDAP

From: Gary Porter (gary.porterat_private)
Date: Tue Jan 15 2002 - 06:57:56 PST

  • Next message: Hugo van der Kooij: "Re: Trojans that use LDAP"

    Are there any Trojans that communicate using LDAP?  A machine on our
    internal network is trying to connect to
    "email-ds-3.c3pki.ch" on destination Port 389?  That port (blocked by the
    firewall) is ostensibly used for the Lightweight Directory Access Protocol,
    but I know nothing about this service and I've been unsuccessful (using Sam
    Spade) in locating any information about the destination address.  Is this
    the sign of a compromise or something more benign?
    
    Gary R. Porter
    Program Manager, CITS Mobile Training
    MATCOM Corporation
    757-838-0212 (w)
    757-897-5830 (m)
    gary.porterat_private
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jan 15 2002 - 23:03:19 PST