Announcement

Collapse
No announcement yet.

Socket 23

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Socket 23

    I was doing a port scan the other day on
    random IP Addresses and I noticed that a large amount of computers have the Socket23 Trojan. Does anyone know why?

  • #2
    Here's what a quick google search found.

    Telnet Server Port 23
    If you run a Telnet server, this port is required for the Telnet Client to connect to your server. Telnet can be used for other ports to check services, but in order to use telnet for remote admin and login, port 23 must be open.
    Killing threads one post at a time...

    Comment


    • #3
      I can only guess that he meant the Socket23 trojan that is common to port 5000/5001 or 30303... not port 23

      It could be that they are using one of the ports for some sort of common service, but your scanner is configured to recognize usage of that port to mean the trojan exists... when it may in fact not
      if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

      Comment


      • #4
        c0n is probably right.

        Which scanner were you using? What type of scan were you doing? TCP? UDP? I ask because TCP 5000 is used by Windows ME Simple Service Discover Protocol Server, which is used for Universal Plug and Play and TCP 5001 is used by Ultima Online whereas Sockets de Troie is UDP 5000, 5001.

        The ME service has a tendancy to show up in some scans as Sockets de Troie.
        perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

        Comment


        • #5
          I agree with Chris, If you are picking up a lot of 5000 ports, it is more than likely people with UPnP still enabled.

          It is enabled by default and is open to a DoS attack that locks up the machine. So those people should close that shiat.

          For more info, check out:
          http://www.packetstormsecurity.org/0...loits/XPloit.c
          .: Grifter :.

          Comment


          • #6
            I agree though Sockets de troie in my experience has massive port 5k openings.(correct me if im wrong)
            Perhaps you will like this security administrator help tool. www.solarwinds.net

            Either edition will do.

            Comment

            Working...
            X