
Trojan port list

Enno Rey

Feb 9, 2000, 3:00:00 AM
to fire...@lists.gnac.net
Steve Riley wrote:

> Does anyone have handy a list all the ports that the servers for these
> trojans live on? This would be useful information for creating a firewall
> rule that drops all inbound packets destined for such ports.

See www.simovits.com/nyheter9902.html

BTW: your FW should block /any/ traffic not expressly permitted...

Enno

er...@ix.urz.uni-heidelberg.de
PGP: 192E 3EBC AD7D DA41 82FC 0C21 5013 0A2C 42B9 F190


-
[To unsubscribe, send mail to majo...@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

James Paterson

Feb 9, 2000, 3:00:00 AM
to fire...@lists.gnac.net
On a similar note, I noticed in my logs today outbound packets being blocked on port 6667, all trying to get to a list of repeating IRC sites, from 2 internal machines. Upon investigation, neither of these machines was running an IRC client. In fact I shut down all the programs, and the connection attempts persisted.

The connections show up on the local machines when doing a netstat -a, but are getting dropped on the firewall. My conclusion is that these 2 machines have been visited by some Greeks in a wooden horse.

Do these symptoms sound familiar to anyone? I have checked the machines for the obvious suspects (subseven / bo) and run the latest McAfee on them.

Thanks
James

>>> "Enno Rey" <er...@ix.urz.uni-heidelberg.de> 02/09/00 02:43PM >>>
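
The symptom described in the message above (internal hosts with no IRC client repeatedly hitting the firewall's outbound block on port 6667 while cycling through several destinations) can be pulled out of drop logs automatically. This is an added example, not part of the original thread; the log line format, addresses, thresholds and the `ignore` parameter are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed firewall drop log; the line format and addresses are assumptions.
SAMPLE_LOG = """\
2000-02-09T10:00:01 DROP OUT src=10.0.0.21 dst=192.0.2.10 proto=tcp dport=6667
2000-02-09T10:00:05 DROP OUT src=10.0.0.34 dst=198.51.100.7 proto=tcp dport=6667
2000-02-09T10:00:31 DROP OUT src=10.0.0.21 dst=198.51.100.7 proto=tcp dport=6667
2000-02-09T10:00:35 DROP OUT src=10.0.0.34 dst=203.0.113.5 proto=tcp dport=6667
2000-02-09T10:01:01 DROP OUT src=10.0.0.21 dst=203.0.113.5 proto=tcp dport=6667
2000-02-09T10:01:05 DROP OUT src=10.0.0.34 dst=198.51.100.7 proto=tcp dport=6667
2000-02-09T10:01:31 DROP OUT src=10.0.0.21 dst=192.0.2.10 proto=tcp dport=6667
2000-02-09T10:02:00 DROP OUT src=10.0.0.50 dst=192.0.2.10 proto=tcp dport=6667
2000-02-09T10:02:10 DROP OUT src=10.0.0.50 dst=192.0.2.99 proto=tcp dport=8080
"""

LINE_RE = re.compile(
    r"^\S+ DROP OUT src=(?P<src>\S+) dst=(?P<dst>\S+) proto=tcp dport=(?P<dport>\d+)$"
)


def flag_repeated_irc_attempts(log_text, port=6667, min_attempts=3,
                               min_dests=2, ignore=frozenset()):
    """Return {src: (attempts, sorted destinations)} for internal hosts whose
    blocked outbound attempts to `port` meet both thresholds.
    `ignore` holds hosts known to run a legitimate IRC client."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or int(m["dport"]) != port or m["src"] in ignore:
            continue
        attempts[m["src"]] += 1
        dests[m["src"]].add(m["dst"])
    # A single stray attempt (10.0.0.50 in the sample) stays below the thresholds.
    return {
        src: (count, sorted(dests[src]))
        for src, count in attempts.items()
        if count >= min_attempts and len(dests[src]) >= min_dests
    }


if __name__ == "__main__":
    for src, (count, seen) in flag_repeated_irc_attempts(SAMPLE_LOG).items():
        print(f"{src}: {count} blocked attempts to {len(seen)} hosts: {seen}")
```

The drop entries exist only because the firewall denies outbound traffic that is not expressly permitted, so the same default-deny rule that contains the connections also produces the evidence.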
