[Dshield] bagel activation probe

Andy Streule andy.streule at lythamhigh.lancs.sch.uk
Mon Mar 15 10:29:00 GMT 2004


I've had  the bagel backdoor port 2745 open on my honeypot for some time,
but havent seen anything at all happen until yesterday when it captured the
following sequence. 


000000 | 43 FF FF FF 30 30 30 01 0A 1F 2B 28 2B A1 32 01 | C...000...+(+.2.


which i suppose means nothing unless you have the actual backdoor installed.

~Andy


***************************************************************************
This e-mail is confidential and privileged.  If you are not the intended
recipient do not disclose, copy or distribute information in this e-mail
or take any action in reliance on its content.
***************************************************************************

***************************************************************************
This email has been checked for known viruses. 
***************************************************************************




More information about the list mailing list