Re: New Trojan
From: Russell Fulton (r.fulton_at_auckland.ac.nz)
Date: 10/29/03
- Previous message: Mark E. Donaldson: "RE: Probable Trojan."
- In reply to: Damian Gerow: "Re: New Trojan"
- Next in thread: Tran, John: "RE: New Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Damian Gerow <damian@sentex.net> Date: Wed, 29 Oct 2003 16:33:41 +1300
On Wed, 2003-10-29 at 07:17, Damian Gerow wrote:
> I also just completed a UDP port scan of the infect host, which was
> completely useless. My screen buffer only goes back so far, but every port
> from 64367 and up is marked as 'open'. :(
I have little faith in UDP scans because lack of response is taken as
meaning the port is open. UDP scanning works on the principle that
closed port should send back a ICMP port unreachable. If the port is
filtered or packet dropped anywhere along the path or the machine does
not respond with the expected unreachable or the unreachable gets
filtered or dropped then the port will show as open.
You probably know all this but, just in case...
-- Russell Fulton, Network Security Officer, The University of Auckland, New Zealand. --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_incidents_031023 and use priority code SF4. ----------------------------------------------------------------------------
- Previous message: Mark E. Donaldson: "RE: Probable Trojan."
- In reply to: Damian Gerow: "Re: New Trojan"
- Next in thread: Tran, John: "RE: New Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
