Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Weird traffic to port 10101

To: "'[email protected]'" <[email protected]>, Joe Pampel <[email protected]>, [email protected]
Subject: RE: [FW1] Weird traffic to port 10101
From: "Cepeda, Josh" <[email protected]>
Date: Fri, 5 Oct 2001 09:31:37 -0500
Sender: [email protected]

The Brain Spy trojan also uses port 10101. Below is some information:

Name: BrainSpy
Aliases: Backdoor.BrainSpy, 
Ports: 10101
Files: Brainspy.zip - 288,319 bytes Brainspy.exe - 292,864 bytes
Brains~1.exe - 49,152 bytes Server.exe -  
Created: Sep 1999
Requires: N/A
Actions: Remote Access
Aside from normal Remote Access features, the trojan also removes all virus
scan files. 
Versions: beta, 
Registers:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Notes: Works on Windows 95 and 98.

-----Original Message-----
From: Steve R [mailto:[email protected]]
Sent: Wednesday, October 03, 2001 5:31 PM
To: Joe Pampel; [email protected]
Subject: Re: [FW1] Wierd traffic to port 10101

Hi Joe,

I know TCP/10101 is used for Support Access into Borderware Firewall
Servers.

Cheers,
	SteveR

10/4/01 1:36:26 AM, "Joe Pampel" <[email protected]> wrote:

>
>I'm getting lots of hits on my FW originating from port 36333  (rpc??) and
heading for my port 
10101. Looks like some kind of trojan or virus at first guess (port # looks
chosen). Anyone else 
seeing this at all?
>
>TIA,
>
>- Joe
>
>
>
>=====================================================================
===========
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>=====================================================================
===========
>
>
>

Steve Rielly
Security Engineer
Extranet Technologies Limited
Level 3, 60 Cook St, Auckland, New Zealand
P.O. Box 7726, Wellesley Street, Auckland, New Zealand
Ph: +, Mob: 025 835530 Fax: +============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] stateful inspection?
Next by Date: Re: [FW-1] Nokia Equipment
Previous by thread: Re: [FW-1] Nokia Equipment
Next by thread: [FW1] VPN Configuration..
Index(es):
- Date
- Thread