Snort mailing list archives
Typot BACKDOOR
From: _JusSx_ <jussx0 () yahoo it>
Date: Fri, 28 May 2004 21:25:09 +0200
Hi,
I got some odd logs from snort. I got log such as
May 28 21:19:29
localhost snort: [1:2182:3] BACKDOOR typot trojan traffic
[Classification: A Network Trojan was detected] [Priority: 1]: {TCP}
62.61.133.250:3135 -> 192.168.0.2:4662
Port 4662 is used by mldonkey and edonkey users are allowed to connect
to because my router and my firewall are set so.
Well what does it mean? is my box infected by typot backdoor? or are
infected computers scanning my box?
Thanx in advance
--
Attachment:
_bin
Description:
Current thread:
- Typot BACKDOOR _JusSx_ (May 28)
- <Possible follow-ups>
- RE: Typot BACKDOOR David (May 28)