Security Incidents mailing list archives

Re: New trojan running in port 12345?

From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Thu, 21 Dec 2000 12:24:42 -0500

is it possible that the rise this past year in NetBus (12345/TCP) and Sub7
2.1 (27374/TCP) is some sort of underground audit to collect statistics on
the number of infected machines? i'm thinking about last winter's Internet
Aduting Project (mirrored at http://www.viacorp.com/auditing.html).

some of the projects i'm involved with would definitely look nefarious to
someone who didn't know our larger picture, which is entirely statistical.

[speaking of the IAP, what ever happened to the results they promised to
post?]

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Current thread:

New trojan running in port 12345? Martin H Hoz-Salvador (Dec 20)
- Re: New trojan running in port 12345? Russell Fulton (Dec 21)
  - Re: New trojan running in port 12345? Jose Nazario (Dec 21)
- <Possible follow-ups>
- Re: New trojan running in port 12345? Edwards, David (JTD) (Dec 21)
  - Re: New trojan running in port 12345? claymore (Dec 21)
- Re: New trojan running in port 12345? Edwards, David (JTD) (Dec 21)
  - Re: New trojan running in port 12345? Michael H. Warfield (Dec 21)