Contact us

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries

Services

Services

Take me to HPE.com

TROJAN: BackConstruction Connection

This signature detects outbound TCP connections that are using a local FTP server installed on ports 5400, 5401 and 5402. This can indicate that BackConstruction, a basic file server Trojan, is in use on the network. Attackers can use a previously installed FTP server to upload/download files.

Extended Description

A remote attacker could take control of the system.

References

CVE: CVE-1999-0660

URL: http://www.glocksoft.com/trojan_list/Back_Construction.htm http://www.pestpatrol.com/PestInfo/b/back_construction.asp

Short Name

TROJAN:BACKCONSTR:CONNECTION

Severity

Minor

Recommended

False

Recommended Action

Drop

Category

TROJAN

Keywords

BackConstruction CVE-1999-0660 Connection

Release Date

04/22/2003

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version

3725

Port

TCP/5400-5402

False Positive

Unknown

CVSS Score

8.8