[Snort-users] BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network

Roeland Weve roeland at ...1415...
Fri Mar 30 07:31:40 EST 2001


I've got 15062 occurances from one IP to 934 IP addresses
I duno exactly what to do with that, but does anybody what it does?
I had a look at the arachNIDS, but I don't know if it's dangerous...
How can I see if a machine is really affected?

#0-(1-8870) [arachNIDS] BACKDOOR DeepThroat 3.1 Client Sending Data to
Server on Network
2001-03-29 19:10:00  xxx.xx.xx.78:60000 -> xxx.xx.200.0:2140  UDP

#1-(1-8871) [arachNIDS] BACKDOOR DeepThroat 3.1 Client Sending Data to
Server on Network
 2001-03-29 19:10:00 xxx.xx.xx.78:60000 -> xxx.xx.200.1:2140 UDP

#2-(1-8872) [arachNIDS] BACKDOOR DeepThroat 3.1 Client Sending Data to
Server on Network
2001-03-29 19:10:01 xxx.xx.xx.78:60000 -> xx.xx.200.2:2140  UDP

#3-(1-8873) [arachNIDS] BACKDOOR DeepThroat 3.1 Client Sending Data to
Server on Network
2001-03-29 19:10:01 xxx.xx.xx.78:60000  -> xx.xx.200.3:2140 UDP

#4-(1-8874) [arachNIDS] BACKDOOR DeepThroat 3.1 Client Sending Data to
Server on Network
2001-03-29 19:10:01 xxx.xx.xx.78:60000 -> xxx.xx.200.4:2140 UDP

#5-(1-8875) [arachNIDS] BACKDOOR DeepThroat 3.1 Client Sending Data to
Server on Network
2001-03-29 19:10:01 xxx.xx.xx.78:60000 -> xxx.xx.200.5:2140  UDP

Thanx, Roeland




More information about the Snort-users mailing list