Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: UDP port 22321
From: "David U." <davidu () everydns net>
Date: Mon, 9 Sep 2002 18:47:41 -0500
Jeremy Junginger wrote:

Maybe this?
http://www.simovits.com/trojans/tr_data/y921.html


I believe Konik ran over TCP not UDP.

Additionally, given the nature of the trojan, it is unlikely that it would
cause "a lot of activity."

Some questions are:
Is this traffic inbound or outbound?
Is the traffic to many hosts or very few hosts?
Is the traffic valid? (ie: non-rfc1918, etc)

-davidu


-----Original Message-----
From: Greg Schmidt [mailto:gschmidt () wustl edu]
Sent: Monday, September 09, 2002 2:24 PM
To: incidents () securityfocus com
Subject: UDP port 22321


We have seen a lot of activity from some of our students on udp port
23321 lately. Does anyone know what this might be? Thanks.

Greg


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service. For
more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]