-
August 11th, 2003, 06:41 PM
#1
Anyone know what UDP Port 12652 is for?
Anyone know what udp port 12652 is for? I have seen a marked increase in scans for this particular port with many of my customers. I have searched through the forums here and on google and have found no mention of this port used for anything, trojan or otherwise.
Anyone know what this port may be used for?
Thanks in advance.
Grinler
-
August 11th, 2003, 06:48 PM
#2
Senior Member
yea... the UDP port 12652 I believe is for "****ing Brilliant Evil Trojan v1.001"
that's about all I could find, and it was on some german security page
-
August 11th, 2003, 06:48 PM
#3
Well its an unassigned port so chances are its a common trojan port that is being scanned for.
If youve got your AV and firewall s/w up-to-date then you've got nothing to worry about, its probably just some 1337 kids.
Edit: 500th post, w00t!
-
August 11th, 2003, 06:54 PM
#4
Im not really concerned, just curious. My firewalls and the clients firewalls, are stopping the traffic so it is not major issue.
Just was curious as to what trojan/sploit would possibly use this port.
Thanks for the info guys.
Grinler
-
August 11th, 2003, 06:55 PM
#5
Try the following link. It's a list of assigned and unassigned ports. Not sure how often it is updated. As r3b00+ stated it is an unassigned port.
http://www.iana.org/assignments/port-numbers
-
August 11th, 2003, 07:03 PM
#6
yeah i know its unassigned. I was just wondering if someone knew a trojan or exploit that uses that port.
-
August 11th, 2003, 07:04 PM
#7
Senior Member
Originally posted here by Plastic
yea... the UDP port 12652 I believe is for "****ing Brilliant Evil Trojan v1.001"
that's about all I could find, and it was on some german security page
there ya go
-
August 13th, 2003, 09:17 PM
#8
... another possibility:
a known trojan with editable ports (B02K, e.g.). Try teleneting to it and no matter how wierd the reply, Google that exact string.
Myk
-
August 13th, 2003, 09:32 PM
#9
The explanation Mykol gives is the one I'd put my money on - a lot of trojans nowadays can change the ports they use to avoid detection by scanning for services running on particular ports.
A google search for the port didn't turn up anything interesting, so it's probably not used by any common peer to peer applications (e.g. Kazaa).
-
August 14th, 2003, 05:38 PM
#10
Though it could be a trojan that is using that port instead of the default, I dont think thats the case. I have found multiple scans for that port from multiple ip addresses, which leads me to believe its something else. COuld be wrong though, who knows.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|