RE: Port UDP 3049

From: Ryan Russell (ryanat_private)
Date: Mon Mar 11 2002 - 08:39:19 PST

Next message: Eric Brandwine: "Re: nouser - rootkit ?"

Previous message: Patrick Andry: "Re: SMTP Probe/Attack?"
In reply to: Paulo.Sedrezat_private: "RE: Port UDP 3049"
Next in thread: Thomas Akin: "Re: Port UDP 3049"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 11 Mar 2002 Paulo.Sedrezat_private wrote:

> 3049 is the CFS - Cryptografic File System - service port. Those scans are
> probably probing for some weak - or absent - password for a file system.

What I'm looking at is a virus that was posted to vuln-dev last week:
http://online.securityfocus.com/archive/82/259719

I realize that 3049 is used for CFS, but what I'm looking for is a
specially-formatted UDP packet that is designed to send commands to the
backdoor this virus installs.

						Ryan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Eric Brandwine: "Re: nouser - rootkit ?"
Previous message: Patrick Andry: "Re: SMTP Probe/Attack?"
In reply to: Paulo.Sedrezat_private: "RE: Port UDP 3049"
Next in thread: Thomas Akin: "Re: Port UDP 3049"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 11 2002 - 11:06:30 PST