
[ Monday, December 27 ]  


Whitehats Intrusion Detection Events Database: Full details for trojan-active-Infector.1.x
arachNIDS - The Intrusion Event Database

IDS315 "TROJAN-ACTIVE-INFECTOR.1.X"

 Packet Traces 

Client to Server
Client identifies itself as an Infector client.
Hex : 46 43 20 Ascii : FC
Server to Client
Server requests password.
Hex : 57 48 41 54 49 53 49 54 Ascii : WHATISIT
Data Transferred upon Completed Connection <1.6 : 
Client to Server
Hex : 46 43 20 Ascii : FC
Server to Client
Hex : 57 48 41 54 49 53 49 54 Ascii : WHATISIT 
Attempted Connection : 
Source port: 1000<1300
Destination port: 146
Packet size: 62
Packet data: 
0000: 44 45 53 54 00 00 20 53 52 43 00 00 08 00 45 00 
0010: 00 30 34 1D 40 00 76 06 87 7C C2 6A F1 EF D4 18 
0020: C0 BB 04 F8 00 92 00 B8 7B 4F 00 00 00 00 70 02 
0030: 20 00 9B FB 00 00 02 04 02 18 01 01 04 02
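
The trace above can be checked mechanically. The following is an added example, not part of the arachNIDS entry or any Whitehats tool: it decodes the 62-byte dump and labels packets against the `FC ` / `WHATISIT` exchange on port 146. The function names and the label strings are hypothetical.

```python
import struct
# Frame bytes copied from the "Attempted Connection" dump on this page.
DUMP = """\
0000: 44 45 53 54 00 00 20 53 52 43 00 00 08 00 45 00
0010: 00 30 34 1D 40 00 76 06 87 7C C2 6A F1 EF D4 18
0020: C0 BB 04 F8 00 92 00 B8 7B 4F 00 00 00 00 70 02
0030: 20 00 9B FB 00 00 02 04 02 18 01 01 04 02
"""
INFECTOR_PORT = 146          # destination port given in the trace
CLIENT_HELLO = b"FC "        # hex 46 43 20, client to server
SERVER_PROMPT = b"WHATISIT"  # hex 57 48 41 54 49 53 49 54, server to client

def parse_dump(text):
    """Turn 'offset: hex bytes' lines into the raw frame."""
    rows = (line.split(":", 1)[1] for line in text.strip().splitlines())
    return b"".join(bytes.fromhex(row) for row in rows)

def decode_tcp(frame):
    """Decode Ethernet II / IPv4 / TCP; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4   # Ethernet header + IP header length
    if frame[23] != 6 or len(frame) < tcp + 20:
        return None
    total_len = struct.unpack("!H", frame[16:18])[0]
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", frame[tcp:tcp + 14])
    return {
        "src": ".".join(map(str, frame[26:30])),
        "dst": ".".join(map(str, frame[30:34])),
        "sport": sport, "dport": dport,
        "syn": bool(off_flags & 0x02), "ack": bool(off_flags & 0x10),
        "payload": frame[tcp + (off_flags >> 12) * 4:14 + total_len],
    }

def classify(pkt):
    """Label a decoded packet against the handshake described on this page."""
    if pkt is None:
        return None
    if pkt["dport"] == INFECTOR_PORT and pkt["syn"] and not pkt["ack"]:
        return "connection-attempt"
    if pkt["dport"] == INFECTOR_PORT and pkt["payload"].startswith(CLIENT_HELLO):
        return "client-hello"
    if pkt["sport"] == INFECTOR_PORT and pkt["payload"].startswith(SERVER_PROMPT):
        return "server-password-prompt"
    return None

if __name__ == "__main__":
    pkt = decode_tcp(parse_dump(DUMP))
    print(pkt["sport"], pkt["dport"], classify(pkt))
```

The dump itself is a bare SYN with no payload, so only the port match applies to it; the two payload labels need the data packets that follow a completed connection.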
 

 Background 
Backdoor.Infector1.x
The client made a connection to the server; the server requests a password.
More information :
http://www.tlsecurity.net/backdoor/Infector.backdoor.html  

 Credits 
Thierry of tlsecurity.net: signature based on analysis of trojan traffic.  

 Contributor 
webmaster@tlsecurity.net  

 

Copyright © 2001 Whitehats, Inc. All rights reserved.

