Trojans that use LDAP
From: Gary Porter (gary.porter@matcomcorp.com)Date: 01/15/02
- Previous message: Kevin.Reardon@oracle.com: "Re: Connection Attempts"
- Next in thread: Patrick Patterson: "Re: Trojans that use LDAP"
- Reply: Patrick Patterson: "Re: Trojans that use LDAP"
- Reply: Hugo van der Kooij: "Re: Trojans that use LDAP"
- Reply: GeekSpooky@aol.com: "Re: Trojans that use LDAP"
- Reply: Kevin.Reardon@oracle.com: "Re: Trojans that use LDAP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Gary Porter" <gary.porter@matcomcorp.com> To: "INCIDENTS" <INCIDENTS@SECURITYFOCUS.COM> Date: Tue, 15 Jan 2002 09:57:56 -0500
Are there any Trojans that communicate using LDAP? A machine on our
internal network is trying to connect to
"email-ds-3.c3pki.ch" on destination Port 389? That port (blocked by the
firewall) is ostensibly used for the Lightweight Directory Access Protocol,
but I know nothing about this service and I've been unsuccessful (using Sam
Spade) in locating any information about the destination address. Is this
the sign of a compromise or something more benign?
Gary R. Porter
Program Manager, CITS Mobile Training
MATCOM Corporation
757-838-0212 (w)
757-897-5830 (m)
gary.porter@matcomcorp.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Kevin.Reardon@oracle.com: "Re: Connection Attempts"
- Next in thread: Patrick Patterson: "Re: Trojans that use LDAP"
- Reply: Patrick Patterson: "Re: Trojans that use LDAP"
- Reply: Hugo van der Kooij: "Re: Trojans that use LDAP"
- Reply: GeekSpooky@aol.com: "Re: Trojans that use LDAP"
- Reply: Kevin.Reardon@oracle.com: "Re: Trojans that use LDAP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
