[28499] in North American Network Operators' Group


Re: tcp port 8311?

daemon@ATHENA.MIT.EDU (Dean Robb)
Wed May 3 02:14:15 2000

Message-Id: <3.0.6.32.20000503015141.00a024b0@norfolk.infi.net>
Date: Wed, 03 May 2000 01:51:41 -0400
To: Brent Sweeny <sweeny@indiana.edu>
From: Dean Robb <pceasy@norfolk.infi.net>
Cc: nanog@merit.edu
In-Reply-To: <20000502113846.G16968@indiana.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu


At 11:38 AM 5/2/00 -0500, Brent Sweeny wrote:
>
>we're seeing what appears to be a new large stream of data going outbound
>on tcp port 8311 and we can't identify a corresponding new application--
>destinations are varied, with streams in the range of 50-100MBs each.
>Do any of you have any ideas what this is, and where to find out more
>about it?  is this a new Napster?
>  thanks,

I've run into a couple of Visual Basic trojans in the last few weeks that
are sending a list of the client's drives' files to the hacker's machines.
They've both connected at times the machines were untended and transmitted
over 10Megs of data.  Unable to trace the virus (neither machine was
protected) but in both cases a logfile was left behind by the trojan
showing the connection, timestamps and amount of data transmitted.
Unfortunately, the receiving number/IP wasn't listed.

Mayhap this is a possibility?  

"Microsoft is not a monopoly!" - Bill Gates   "HA!" - Judge Jackson

Dean Robb
Owner, PC-EASY 
(757) 495-EASY [3279]
On-site computer services
Member, ICANN @Large

