TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hello!
From: http://www.sans.org/y2k/092300.htm
September 23, 2000
Handler on Duty: Stephen Northcutt (Comments in parentheses - send all
reports to [EMAIL PROTECTED])
Infocon: Green
This is a fun issue, be sure to catch the write-ups of the community working
together to solve the mystery of the local UDP traffic to 38293, fun read! I
still remember the first time those Symantec kids got me spinning around!
Why are all these ICMP echo requests leaving the base and headed for
ping.symantec.com? Turns out to be a network speedometer that shipped with
Norton something or other. The rest of the story is they didn't tell their
ISP what they were doing, what do you suppose the traffic looked like to
them, hehe, the world's largest smurf reflection! I hope as the Axent folks
infiltrate they will be just a bit more friendly to intrusion analysts and
start posting the signatures of their "value added" network applications on
GIAC. S.
From: http://www.securityportal.com/buffy/buffy20001012.printerfriendly.html
Question: Do you know what UDP port 38293 is used for? I'm seeing this on
firewall logs from multiple machines.
Greag Johnson
Answer: I found several mentions of this port, though not in assigned
numbers or well-known Trojans. I was able, however, to find a mention on the
SANS site. Various firewall and IDS lists also contain mentions of this port
from a variety of different people, so it is probably a modified Trojan
program. Many allow easy modification of which port they listen on, to help
evade detection. Your mystery port is probably some variant in use by an
attacker.
Buffy ([EMAIL PROTECTED])
Cheers,
Brian
-----Original Message-----
From: Alexey V. Lukatsky [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 30, 2001 2:04 AM
To: '[EMAIL PROTECTED]'
Subject: What is port 38293/udp?
Hello!
What is port 38293/udp?
Best regards,
Alexey Lukatsky Tel/fax: +7 095 289 8998
Deputy Head of Department (ICT, CCSE) E-mail: [EMAIL PROTECTED]
NIP "Informzaschita", Russia WWW: http://www.infosec.ru