Hi all,

Last year the XC telnetd worm infected machines running the BSD-based telnet daemon. Amongst other things it installed a rootshell backdoor on TCP port 145. This port is reserved for a service called "UAAC" [it's defined by default in FreeBSD's /etc/services file]. Does anyone have any idea what it's legitimately used for? I've checked the RFCs and done a Google search but they haven't turned up anything.

In several port listings a David Gomberg at Mitre [gombergat_private] is listed as the contact for this service but mail to that address bounces. I was also referred to him by IANA. Does anyone have an alternate email for him?

I contacted Ryan Russell at Sec Focus as he did the original XC worm analysis but he doesn't know what UAAC is used for either.

If you've got any ideas or info please let me know.

Thanks,
Suzy
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 20:25:21 PDT