Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: Port 9898 (tcp/udp) Attack Activity - SANS Internet Storm Center Port 9898 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
[get complete service list]
Port Information
Protocol Service Name
tcp dabber [trojan] Dabber Worm backdoor
tcp monkeycom MonkeyCom
udp monkeycom MonkeyCom
Top IPs Scanning
TodayYesterday
198.108.67.48 (9)198.108.67.48 (111)
80.82.65.40 (8)185.39.10.54 (43)
185.222.209.54 (7)81.22.45.254 (36)
198.20.99.130 (3)45.136.109.253 (23)
45.136.109.237 (2)92.119.160.141 (21)
198.108.67.104 (1)51.75.52.127 (18)
198.108.67.98 (1)89.248.172.16 (17)
198.108.67.85 (1)66.240.219.146 (17)
198.108.67.58 (1)45.136.109.237 (15)
185.153.196.191 (1)111.231.84.8 (12)
Port diary mentions
URL
ISC DHCPD buffer overflow exploit code produced in the lab
Samba - Buffer Overrun, HP Remote Command Execution, Top 15 Worms, Hosts File, SasserDabber Activity
User Comments
Submitted By Date
Comment
2015-10-31 07:55:57
Port 9898 is also use by FileMaker Web Engine as a loop back Port to IIS
Shahjahan Khan 2012-09-06 01:15:50
TCP Port 9898 is also used by Tripwire Agent that install on servers to communicate Tripwire Enterprise Servers.
2006-12-31 08:10:43
Also used for TOC/TOC2 (The other AIM protocol), so could cause problems for users if blocked outbound.
Joel Esler 2004-05-18 22:17:32
9898 is one of the backdoor ports used in Sasser. Sasser opens an ftp server on port 9898.
Travis Biehn 2004-05-14 18:03:06
Used by the dabber worm as a backdoor.
Harald Weiss 2004-05-14 01:51:59
9898 TCP has been reported as beeing related to a Backdoor of the Dabber Virus : http://www.lurhq.com/dabber.html for more info
Bill McCarty 2004-02-26 19:07:55
On Feb 25, 2004, I logged several probes of tcp/3127 and tcp/9898. Apparently, there's some association between MyDoom, which plays with tcp/3127, and this port.
Add a comment
CVE Links
CVE # Description