Firewall Wizards mailing list archives
RE: port 17027
From: "Ray, Garrett - Mclean" <Garrett.Ray () spacenet com>
Date: Thu, 20 Apr 2000 09:50:49 -0400
In addition to persistent connection attempts to the Conducent (Timesink, Multitudes, Interramp, Schoffstall) ad servers, Conducent-enabled shareware also opens inbound port 20 from time to time (ftp-data). We observed this only once, but it was from one of the Conducent domains named above. In another instance we counted several hundred outbound connection attempts by a single TSAdBot agent over the course of one week. Another user was almost crippled by the spam which began to arrive shortly after the installation of the Conducent shareware (can't prove this was related to TSAdBot, but the timing was strong). The TSAdbot.exe agent executes from a registry run key under Win32. Users will rarely notice its installation and execution (esp under Windoze 95/98). The second best solution short of banning shareware is to (a) kill the running TSAdbot.exe process and (b) delete the executable from user machines. Deleting the Conducent app(s) *will not* solve the problem. Once installed, the shareware apps and the TSAdbot are effectively two separate and independent programs. Dvorak wrote a nice little piece about this recently: http://www.conducent.com/forbes040300.shtm ------------------------------------------------ You have people who have installed "adware" with ads from Conducent, shareware programs that go get advertising to show on the desktop from these sites. IF you check HTTP traffic to those same IP's you will find a lot more, but if you block the HTTP, the programs will try to blow away your network with about 10-15 connect attemtps a second. Best to have companty policy to not install shareware without permission. Look in the clients registry for entries for Conducent, Timesink or Aureate.
Current thread:
- port 17027 Ken Fox (Apr 10)
- Re: port 17027 S. Jonah Pressman (Apr 13)
- Re: port 17027 Frank L. Heidt (Apr 18)
- <Possible follow-ups>
- Re: port 17027 Robert Graham (Apr 13)
- Re: port 17027 Bill_Royds (Apr 18)
- Re: port 17027 Paul D. Robertson (Apr 20)
- Re: port 17027 ark (Apr 18)
- RE: port 17027 Ray, Garrett - Mclean (Apr 20)
- Re: port 17027 Bill_Royds (Apr 24)