Subject: Re: tcp port 999
From: civileme (civileme@civileme.net)
Date: Sun Aug 11 2002 - 22:24:52 AKDT
Adam Elkins wrote:
>I did a nmap scan on a buddies pc, tcp port 999 was open, and 'garcon'
>was the service listed. I can't find any info related to 'garcon', other
>than it uses port 999. I found the Deep Throat Trojan uses port 999,
>could garcon be a offshoot of that? (He's runing XP)
>
>Adam
>
>
>---------
>To unsubscribe, send email to <aklug-request@aklug.org>
>with 'unsubscribe' in the message body.
>
The id came from
http://www.efnet.org/software/bots/pbotty/Pbotty-v1.1F/PostgreSQL/ports.txt
which identified 999 as the home of the garcon bot.
garcon is not an offshoot of a trojan, but nmap probably doesn't know
positively what is there only the service that would normally be there.
And if he has XP on a 24/7 broadband it is quite likely that his
computer is slaved to some script kiddie. I think the lack of security
in windows makes a lot of unnecessary jobs, as in for virus writers and
network admins, and certainly gives credence to the effort to make a
TCPA. Of course I don't think they are that intelligent, the original
lack of security was to make Microsoft apps have a competitive edge over
other apps and the lack of security was incidental, but these days it is
a gold mine and a justification for locking up everything forever.
Civileme
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Sun Aug 11 2002 - 22:24:56 AKDT