On Thu, 6 Mar 2003 14:44:48 +0100 Qian Gong <[EMAIL PROTECTED]> wrote:
> > As this is not known to me as a standard service, it could be either
> > Dell's monitoring software or a trojan. There's a VB trojan that
> > uses this port.
> >
> > Fiddling with 'telnet host port' can also help in such cases.
>
> After this command, the program just hangs after
>
> Escape character is '^]'.

Of course, you just established a connection to that port at this moment. It's up to you to type in a command that the service will respond on. So you have to know or to guess what the protocol looks like. That's why I called it 'fiddling'.

Just to get an impression what I'm talking about, establish a telnet connection to any webserver (port 80) and then type "HEAD / HTTP/1.0" and the server will return its identification, version, etc. or try "GET /" and you will get the start page of this server in plain text.

Again, there are several trojans that use that specific port e.g.:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gapin.html
http://www.simovits.com/trojans/tr_data/y935.html

Google will tell you more! :)

Regards,
Christian
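The manual telnet check described in the message above, as an added example that is not part of the original thread: it connects, waits briefly to see whether the service speaks first, and only if it stays silent sends the "HEAD / HTTP/1.0" request. The function names and the local demo listener are constructed for illustration so the script runs offline.

```python
import socket
import threading

def read_some(sock, limit=4096):
    """Return whatever arrives before the socket timeout, or b'' if nothing does."""
    try:
        return sock.recv(limit)
    except socket.timeout:
        return b""

def probe(host, port, request=b"HEAD / HTTP/1.0\r\n\r\n", wait=1.0):
    """Connect as telnet would and return (banner, reply).

    An empty banner means the service waits for the client to speak first,
    which is what a telnet session that "just hangs" is showing.
    """
    with socket.create_connection((host, port), timeout=wait) as sock:
        banner = read_some(sock)      # SMTP/FTP-style services greet first
        reply = b""
        if not banner:                # silent service: try the HTTP request
            sock.sendall(request)
            reply = read_some(sock)
    return banner, reply

def classify(banner, reply):
    if banner:
        return "speaks first"
    if reply.startswith(b"HTTP/"):
        return "answers HTTP"
    return "unknown protocol"         # identify the owning process on the host instead

def demo_server(greeting=b"", http=False):
    """Constructed one-shot listener on 127.0.0.1 for the demo; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if greeting:
                conn.sendall(greeting)
            elif conn.recv(4096) and http:
                conn.sendall(b"HTTP/1.0 200 OK\r\nServer: demo\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    for kwargs in ({"greeting": b"220 demo ready\r\n"}, {"http": True}, {}):
        port = demo_server(**kwargs)
        print(kwargs, "->", classify(*probe("127.0.0.1", port)))
```

A result of "unknown protocol" says only that the listener neither greeted nor answered HTTP; which program owns the port still has to be checked on the host itself.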