Jeremy Junginger wrote: > Maybe this? > http://www.simovits.com/trojans/tr_data/y921.html I believe Konik ran over TCP not UDP. Additionally, given the nature of the trojan, it is unlikely that it would cause "a lot of activity." Some questions are: Is this traffic inbound or outbound? Is the traffic to many hosts or very few hosts? Is the traffic valid? (ie: non-rfc1918, etc) -davidu > -----Original Message----- > From: Greg Schmidt [mailto:gschmidtat_private] > Sent: Monday, September 09, 2002 2:24 PM > To: incidentsat_private > Subject: UDP port 22321 > > > We have seen a lot of activity from some of our students on udp port > 23321 lately. Does anyone know what this might be? Thanks. > > Greg > > > ------------------------------------------------------------------------ > ---- > This list is provided by the SecurityFocus ARIS analyzer service. For > more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 10 2002 - 08:45:55 PDT