Hello gurus of the list,
For some time now I have one of my servers "Broadcasting" to Port 60001
TCP. Even though I drop this kind of traffic, I am very curious to find
out what this traffic really is. But, no matter what list I tried...
http://www.iana.org/assignments/port-numbers
http://www.wittys.com/files/all-ip-numbers.txt
http://www.neohapsis.com/neolabs/neo-ports/neo-ports.html
http://www.securitystats.com/tools/portsearch.asp
http://www.simovits.com/nyheter9902.html
http://www.sys-security.com/html/papers/trojan_list.html
I was only able to find 60001 UDP identified as "Trinity" Trojan. The
thing is that "mine" uses on 60001 TCP, whereas the "Trinity" Trojan
uses 60001 UDP. Furthermore, I've found out that "Trinity" is actually a
"UNIX" based Trojan, not a Windoz3 which is my case after all.
Anyone knows of some other list(s) containing "Well-Known", "Known",
"Unknown", "Trojan" or whatever TCP/UDP ports?
Anyone knows of what application might be using this (60001 TCP) port
and "Broadcasting"?
Thanks and
Cheers,
Dimitris.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
