I was looking through the source of one of those apache-ssl worms that have been kicking around recently. I'm not sure of the name of this one, I got it through a friend. He had found it on a compromised machine. Anyway, this part of the source might give you a clue... --CUT-- #define PORT 2002 --CUT-- It looks like this thing uses port 2002 to communicate in it's peer-to-peer way. You might want to check your machines for that worm. If recent posts are correct, than you should find a 'bugtraq' process running on the infected machine. If you want to look at the source, contact me and I can forward it to you. Otherwise a quick google search should help out. Cheers. Jonathan Freedman Packet Mountain, Ltd ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 18 2002 - 13:09:11 PDT