Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Port 559 (tcp/udp) Attack Activity Port 559 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
[get complete service list]
Port Information
Protocol Service Name
tcp teedtap teedtap
udp teedtap teedtap
tcp domwis Domwis Trojan Backdoor
Top IPs Scanning
TodayYesterday
93.174.93.27 (22)80.82.77.231 (125)
80.82.70.106 (19)93.174.93.27 (14)
45.136.109.241 (4)80.82.70.106 (11)
185.132.53.94 (1)45.136.109.241 (2)
185.254.123.8 (1)195.54.166.102 (2)
195.54.166.102 (1)172.17.1.144 (2)
195.54.166.93 (1)185.216.140.53 (1)
45.136.109.177 (1)185.35.79.50 (1)
45.141.86.105 (1)92.63.196.6 (1)
164.132.200.32 (1)78.128.112.114 (1)
Port diary mentions
URL
LSASS exploit, SSL PCT exploits, port 559 (tcp) proxy hunter, Bagle.Z
Spyware Tool Kit, OSPF Filtering & Authentication, Port 559 Traffic Spike
User Comments
Submitted By Date
Comment
Pat 2004-02-27 19:34:52
Backdoor.Domwis Discovered on: February 06, 2004 Last Updated on: February 09, 2004 03:39:20 PM Backdoor.Domwis is a backdoor Trojan horse, which allows unauthorized, remote access to your computer. By default is opens TCP port 559. fwiw,Most likely the trojan listed at Symantec, http://securityresponse.symantec.com/avcenter/venc/data/backdoor.domwis.html Type: Trojan Horse Infection Length: 15,360 bytes Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX
Add a comment
CVE Links
CVE # Description