TROJAN: CIA Backdoor v1.1-2.2

This signature detects the communication exchange of the CIA backdoor during session establishment. Backdoor C.I.A is a client/server backdoor that uses multiple data streams. The client opens a remote connection to a system running the server component over TCP on multiple ports, by default starting at 5888 and incrementing by 1000 for each subsequent session. The server's default ports are fully configurable.

Extended Description

The CIA Trojan permits an attacker to seize full control of a victim host.

Short Name
TROJAN:MISC:TROJAN-CIA
Severity
Minor
Recommended
False
Recommended Action
None
Category
TROJAN
Keywords
Backdoor CIA CVE-1999-0660 v1.1-2.2
Release Date
02/15/2005
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3538
Port
TCP/1024-3127,3129-7999,8001-8079,8081-65535
False Positive
Unknown
CVSS Score

8.8
