UAAC Protocol?

From: Clarke, Suzy (suzy.clarke@cgey.com)
Date: 06/26/02


From: "Clarke, Suzy" <suzy.clarke@cgey.com>
To: incidents@securityfocus.com
Date: Wed, 26 Jun 2002 09:42:46 +0100

Hi all,

Last year the XC telnetd worm infected machines running the BSD-based telnet
daemon. Amongst other things it installed a rootshell backdoor on TCP port
145.

This port is reserved for a service called "UAAC" [it's defined by default
in FreeBSD's /etc/services file].
Does anyone have any idea what it's legitimately used for?

I've checked the RFCs and done a Google search but they haven't turned up
anything. In several port listings a David Gomberg at Mitre
[gomberg@gateway.mitre.org] is listed as the contact for this service but
mail to that address bounces. I was also referred to him by IANA. Does
anyone have an alternate email for him?

I contacted Ryan Russell at Sec Focus as he did the original XC worm
analysis but he doesn't know what UAAC is used for either.

If you've got any ideas or info please let me know.
Thanks,
Suzy
