> -----Original Message----- > From: Aaron Cheek [mailto:aaron_cheekat_private] > Sent: Friday, 16 May 2003 11:44 a.m. > To: incidentsat_private > Subject: tcp/1274 scans > > > Hi again. > > Thanks for your hints about port tcp/554 and the Real > Server vulnerability. > > Now I'm trying to find some info about tcp/1274, which > according to IANA is t1distproc. Unfortunately I have > not been able to find any info about t1distproc or the > reason for those scans. TCP port 1274 should be used by Pulpit backdoor. It's a simple trojan which installs listener on TCP ports 1272, 1274 and 1276. After that an remote intruder has simple controls over infected system. This could be related to your scans. I didn't find info about this trojan on usual anti-virus sites, but you can see something at the following URL: http://www.ultrasoftware.net/viruslist/descr.asp?id=101 Best regards, Bojan Zdrnja ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat May 17 2003 - 09:17:36 PDT