Contact us

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries

Services

Services

Take me to HPE.com

TROJAN: Infector Server Response (Port 1024)

This signature detects TCP packets sent from local server port 146 to remote port 1024. This can indicate the system is responding to an attacker to confirm successful installation of the Trojan Infector. Infector, a remote administration Trojan similar to Back Orifice, allows attackers to access data and gain control over some functions on remote Microsoft Windows systems.

References

CVE: CVE-1999-0660

URL: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.surgeon.html http://www.glocksoft.com/trojan_list/Infector.htm

Short Name

SCAN:MISC:SVR-RES-S1024

Severity

Info

Recommended

False

Recommended Action

None

Category

SCAN

Keywords

(Port 1024) CVE-1999-0660 Infector Response Server

Release Date

04/22/2003

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version

3324

Port

TCP/146

False Positive

Rarely

CVSS Score

8.8