   Any further information available on Trojans?
Ian
« on: Feb 23rd, 2002, 11:56am »

23 February - one helluva lot of activity on TCP3456 - in 45 mins today has become the highest scoring day in terms of hits per second on my system!
 
3456/tcp is TerrorTrojan, isn't it? Also "VAT default data" - in the UK VAT is a sales tax - what's it in computing? I guess it's a legit service of some sort.
 
Now, using sites like http://lists.gpick.com/pages.asp?page=Port_Lists and http://www.stengel.net/tcpports.htm (loads more I'm sure) I can find out about the port number, but very little about the services running on it.
 
And any reasons why every single one of these hits today comes from Japan? Reminds me of a couple of months back when all the hits on TCP/2323 came from the western Pacific rim (Japan, Oz, Taiwan, etc).
« Last Edit: Feb 23rd, 2002, 1:42pm by Ian »

... but crap arrives pretty much straight away.
Magnus
« Reply #1 on: Feb 25th, 2002, 5:42pm »

You've probably heard this before but unless you have port 3456 open on your system there's really no need to worry. If you do have that port open then I'd recommend getting a program such as TCPView Pro to check what is holding it open.
 
My guess is that someone has rooted some shell accounts in Japan and is using them to scan for exploits. Either that, or there's some new worm on the loose that tries to exploit a service on port 3456. That wouldn't explain the hits all coming from Japan, though.
Ian
« Reply #2 on: Feb 25th, 2002, 6:51pm »

I have TCPView Pro (excellent IMHO), but nothing holding 3456 open. I have heard that IIS may use it (IIS is nowhere near this box), but it was the reference to 'VAT default data' that most puzzled me!
 
I don't normally worry about stuff that the firewall blocks, but this and the port 2323 incident have made me wonder about the imminence of another attack from the Far East...
That and the sheer volume - 4326 hits in 45 minutes is a bit higher than the previous highest whole day here (that was when one of my ISP's servers decided to try routing OSPF packets through the PC at the steady rate of 720 per hour).