Re: Trojans that use LDAP
From: Hugo van der Kooij (hvdkooij@vanderkooij.org)
Date: 01/16/02
- Previous message: Gary Porter: "Trojans that use LDAP"
- In reply to: Gary Porter: "Trojans that use LDAP"
- Next in thread: GeekSpooky@aol.com: "Re: Trojans that use LDAP"
Date: Wed, 16 Jan 2002 00:30:14 +0100 (CET)
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
To: INCIDENTS <INCIDENTS@securityfocus.com>
On Tue, 15 Jan 2002, Gary Porter wrote:
> Are there any Trojans that communicate using LDAP? A machine on our
> internal network is trying to connect to
> "email-ds-3.c3pki.ch" on destination Port 389? That port (blocked by the
> firewall) is ostensibly used for the Lightweight Directory Access Protocol,
> but I know nothing about this service and I've been unsuccessful (using Sam
> Spade) in locating any information about the destination address. Is this
> the sign of a compromise or something more benign?
Given the host name "email-ds-3.c3pki.ch", containing the three magic
letters PKI, and the LDAP attempts, this might very well be a server with an
address book in the LDAP database.
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com