Wireshark · Ethereal-users: RE: [Ethereal-users] Solved: 78 percent of ARP packets on the network

Ethereal-users: RE: [Ethereal-users] Solved: 78 percent of ARP packets on the network

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Simon Hailstone" <Simon.Hailstone@xxxxxxxxxxxxxxxxxxx>

Date: Fri, 28 May 2004 11:06:07 +0100

> This definitely is not normal and we found some
> weird program listening(??) on port 9876 on every
> machine. Maybe a bug in this worm/trojan/whatever
> caused it to arp without learning the response.

There are two trojans that are known to operate on
tcp/9876, Rux and CyberAttacker/"Portal of Doom".
Neither of them are very nice :-(

Hope you got everything cleaned up OK!


Best Regards,

Simon Hailstone
Orthogon Systems

References:
- [Ethereal-users] Solved: 78 percent of ARP packets on the network
  - From: Erick Perez - BANSOFT

Prev by Date: [Ethereal-users] Request permission to introduce your web page
Next by Date: [Ethereal-users] "Type/Lenght" field in Ethernet II and Ethernet 802.3 frames
Previous by thread: Re: [Ethereal-users] Solved: 78 percent of ARP packets on the network
Next by thread: Re: [Ethereal-users] 78 percent of ARP packets on the network
Index(es):
- Date
- Thread