Security Incidents
mailing list archives
RE: tcp/1274 scans
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Sat, 17 May 2003 22:37:07 +1200
-----Original Message-----
From: Aaron Cheek [mailto:aaron_cheek () yahoo com]
Sent: Friday, 16 May 2003 11:44 a.m.
To: incidents () securityfocus com
Subject: tcp/1274 scans
Hi again.
Thanks for your hints about port tcp/554 and the Real
Server vulnerability.
Now I'm trying to find some info about tcp/1274, which
according to IANA is t1distproc. Unfortunately I have
not been able to find any info about t1distproc or the
reason for those scans.
TCP port 1274 should be used by the Pulpit backdoor. It's a simple trojan which
installs listeners on TCP ports 1272, 1274 and 1276. After that a remote
intruder has simple controls over the infected system.
This could be related to your scans.
I didn't find info about this trojan on the usual anti-virus sites, but you can
see something at the following URL:
http://www.ultrasoftware.net/viruslist/descr.asp?id=101
Best regards,
Bojan Zdrnja
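
One way to check firewall logs against the three ports named in the reply above (an added example, not part of the original thread). The iptables-style log format, the addresses, the function names and the "two or more of the three ports" heuristic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Listener ports attributed to the Pulpit backdoor in the reply above.
PULPIT_PORTS = {1272, 1274, 1276}

# Constructed sample lines (assumed iptables-style format, documentation addresses).
SAMPLE_LOG = """\
May 16 03:12:01 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40211 DPT=1274
May 16 03:12:02 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40212 DPT=1272
May 16 03:12:02 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.6 PROTO=TCP SPT=40213 DPT=1276
May 16 03:15:40 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=1274
May 16 03:16:11 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=554
May 16 03:20:00 fw kernel: DROP IN=eth0 SRC=192.0.2.99 DST=198.51.100.5 PROTO=UDP SPT=1274 DPT=53
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)

def summarize(log_text):
    """Return {src: {"ports": set, "targets": set}} for TCP probes of the three ports."""
    hits = defaultdict(lambda: {"ports": set(), "targets": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP":
            continue  # unparsable line, or UDP traffic that merely reuses the number
        port = int(m["dpt"])
        if port in PULPIT_PORTS:
            hits[m["src"]]["ports"].add(port)
            hits[m["src"]]["targets"].add(m["dst"])
    return dict(hits)

def classify(summary):
    """Assumed heuristic: a source probing 2+ of the three ports matches the
    backdoor's port set more closely than a lone tcp/1274 hit."""
    return {
        src: "pulpit-port-set" if len(v["ports"]) >= 2 else "single-port"
        for src, v in summary.items()
    }

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for src, label in sorted(classify(summary).items()):
        print(src, label, sorted(summary[src]["ports"]), sorted(summary[src]["targets"]))
```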