[Snort-users] Typot BACKDOOR

_JusSx_ jussx0 at ...5849...
Fri May 28 12:26:05 EDT 2004


Hi,
I  got some odd logs from snort. I got log such as 

May 28 21:19:29
localhost snort: [1:2182:3] BACKDOOR typot trojan traffic
[Classification: A Network Trojan was detected] [Priority: 1]: {TCP}
62.61.133.250:3135 -> 192.168.0.2:4662

Port 4662 is used by mldonkey and edonkey users are allowed to connect
to because my router and my firewall are set so.
Well what does it mean? is my box infected by typot backdoor? or are
infected computers scanning my box?

Thanx in advance


-- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040528/1af8bdb7/attachment.sig>


More information about the Snort-users mailing list