Also check out http://www.simovits.com/trojans/trojans.html
-----Original Message-----
From: Kelly Hair [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 17, 2001 4:58 PM
To: Dave Horsfall
Cc: [EMAIL PROTECTED]
Subject: Re: Port 27374?
Check out http://vil.nai.com/villib/dispVirus.asp?virus_k=10566
HTH
----- Original Message -----
From: "Dave Horsfall" <[EMAIL PROTECTED]>
To: "Firewalls List" <[EMAIL PROTECTED]>
Sent: Wednesday, January 17, 2001 4:27 PM
Subject: Port 27374?
> Apart from the usual SunRPC, FTP, etc portscans (don't these kiddies
have
> anything better to do?), I've started seeing probes like this:
>
> [207.172.150.150] resolves to
"207-172-150-150.s23.as10.anp.md.dialup.rcn.com"
>
> Jan 17 17:12:30 denied tcp 207.172.150.150(1741) ->
192.84.230.1(27374),
1 packet
> Jan 17 17:12:30 denied tcp 207.172.150.150(1742) ->
192.84.230.1(12345),
1 packet
> Jan 17 17:12:30 denied tcp 207.172.150.150(1745) ->
192.84.230.2(27374),
1 packet
> Jan 17 17:12:30 denied tcp 207.172.150.150(1746) ->
192.84.230.2(12345),
1 packet
>
> Etc.
>
> 12345 is "Netbus, Pie-Bill-Gates" etc, but what's 27374? Some new
trojan?
>
> And more to the point, why is this lamer using TCP, when most trojans
> are UDP? Or did I answer my own question?
>
> -- Dave
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
