[unisog] Apparent "encrypted" P2P botnet using port 8/tcp

Brian Eckman eckman at umn.edu
Sun Apr 30 15:12:58 GMT 2006


Dave Ellingsberg wrote:
>  Brian,
> 
> do you have the list of ips your seeing connections to?  and is this
> random port to port 8 or is it 8 to 8?
> 
> bigfoot.
<snip>

Dave,

I'm not going to share the list of IPs on a public list. However, I'd be
happy to answer your port question. The "server" side of the connection
is port 8. The client will use an ephemeral port number (remember, it
also has the server listening on port 8/tcp).

Brian


More information about the unisog mailing list