[ale] UDP port 11011, anyone know what it is?
- Subject: [ale] UDP port 11011, anyone know what it is?
- From: greg.freemyer at gmail.com (Greg Freemyer)
- Date: Tue, 23 Feb 2010 09:38:56 -0500
- In-reply-to: <[email protected]>
- References: <[email protected]>
On Tue, Feb 23, 2010 at 3:40 AM, Michael B. Trausch <mike at trausch.us> wrote:
> I am seeing some _really_ suspect net activity at a client site, and am
> finding little. (Note, net is a Windows net---that's out of my hands,
> unfortunately.)
>
> Does anyone know what UDP 11011 is used for and why a system would be
> sending packets to different machines at a regular (30 second) interval
> on that port? I have yet to make any sense of the data in the packets.
>
>         --- Mike

A couple minutes with Google shows that a backdoor trojan called
Amanda uses that port on the TCP side.

http://www.2-spyware.com/remove-amanda-trojan.html

Never heard of it before, but worth looking into. Maybe it grew UDP
usage as well.

btw: is there an lsof equivalent for Windows which will show you which
task is using the port? If so you can send the executable to
virustotal.com as one example to see if it is known bad.

Greg
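
One way to do the port-to-process lookup asked about above on a current Windows host, as an added example that is not part of the original thread. `Get-UdpPortOwner` is a hypothetical helper name. UDP is connectionless, so the endpoint table only lists local ports: pass the source port seen in the packet capture, or omit it to list every UDP socket.

```powershell
# Added example: map UDP sockets to the owning process, then hash the binary.
# Assumes Windows 8 / Server 2012 or later (Get-NetUDPEndpoint) and an
# elevated session so that paths of other users' processes are readable.

function Get-UdpPortOwner {            # hypothetical helper name
    param(
        # Local (source) port taken from the capture; 0 lists all UDP sockets.
        [int]$LocalPort = 0
    )

    $endpoints = Get-NetUDPEndpoint
    if ($LocalPort -gt 0) {
        $endpoints = $endpoints | Where-Object { $_.LocalPort -eq $LocalPort }
    }

    foreach ($ep in $endpoints) {
        # The process may have exited between the two calls.
        $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }

        $hash = $null
        $sig  = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            # The SHA-256 can be searched on a reputation service without
            # uploading the file itself.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
        }

        [pscustomobject]@{
            LocalAddress = $ep.LocalAddress
            LocalPort    = $ep.LocalPort
            ProcessId    = $ep.OwningProcess
            Process      = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path         = $path
            SHA256       = $hash
            Signature    = $sig
        }
    }
}

# 11011 is the port from the thread; it matches only if the sender binds it locally.
Get-UdpPortOwner -LocalPort 11011 | Format-List
```

An unsigned binary or one running from a user-writable directory is the first thing to check against the hash lookup.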