Loading...
[get complete service list]
Top of page
Top of page
Port Information
Protocol Service Name
tcp --- ---
Top IPs Scanning
Today Yesterday
204.236.133.68 (1)167.94.138.102 (2)
54.167.31.60 (1)91.148.190.150 (2)
103.99.2.22 (1)162.142.125.253 (2)
3.131.209.36 (1)79.124.62.130 (2)
222.128.243.194 (1)17.188.180.227 (2)
104.234.180.188 (1)45.132.1.242 (2)
91.148.190.150 (1)204.236.133.68 (1)
User Comments
Submitted By Date
Comment
Colin Keith 2009-10-04 18:45:22
From: http://www.sarc.com/avcenter/venc/data/w32.hllw.lovgate.d@mm.html "W32.HLLW.Lovgate.D@mm .. The subject and attachment of the incoming email are chosen from a predetermined list. The worm also has a Backdoor Trojan capability. By default, the Trojan component listens on TCP ports 10168 and 20168." So portscans for this port are people looking to gain control of Windows boxes that have already been infected with this worm.
2004-11-09 17:58:20
Port 20168 - Some Lovegate variants have a Trojan that listens on this Port and on Port 10168
Kevin Zelhart 2004-01-03 07:34:30
Have seen this utility used several times in the past few months in conjunction with Firedaemon for hacks on network systems. We suspect the initial intrusion was made via IRC ports (neither of the nets had adequate firewall protection, despite our prompting). I cannot recall the location of the Dameware, but we located Firedaemon stuck under the OS2 folder under system32.
2003-12-17 17:41:31
Port 20168 probes possibly related to the Lovgate virus.
jarmaug 2003-12-14 09:04:14
Appears to be an arbitrarily set IRC port for a gaobot (agobot) variant. The scans are 48 bytes per flow, which is an exact match to a couple other machines which are exhibiting the same behavior (48 bytes per flow) to port 6667 and have also been identified as being infected with gaobot/agobot.
Top of page
CVE Links
CVE # Description
Top of page