Security Incidents mailing list archives

Trojans that use LDAP

From: "Gary Porter" <gary.porter () matcomcorp com>
Date: Tue, 15 Jan 2002 09:57:56 -0500

Are there any Trojans that communicate using LDAP?  A machine on our
internal network is trying to connect to
"email-ds-3.c3pki.ch" on destination Port 389?  That port (blocked by the
firewall) is ostensibly used for the Lightweight Directory Access Protocol,
but I know nothing about this service and I've been unsuccessful (using Sam
Spade) in locating any information about the destination address.  Is this
the sign of a compromise or something more benign?

Gary R. Porter
Program Manager, CITS Mobile Training
MATCOM Corporation
757-838-0212 (w)
757-897-5830 (m)
gary.porter () matcomcorp com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Trojans that use LDAP Gary Porter (Jan 15)
- Re: Trojans that use LDAP Patrick Patterson (Jan 15)
- Re: Trojans that use LDAP Hugo van der Kooij (Jan 16)
- Re: Trojans that use LDAP Kevin . Reardon (Jan 18)
  - Re: Trojans that use LDAP Stephen (Jan 19)
- <Possible follow-ups>
- Re: Trojans that use LDAP GeekSpooky (Jan 17)