North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: tcp port 8311?

  • From: Dean Robb
  • Date: Wed May 03 02:15:00 2000

At 11:38 AM 5/2/00 -0500, Brent Sweeny wrote:
>we're seeing what appears to be a new large stream of data going outbound
>on tcp port 8311 and we can't identify a corresponding new application--
>destinations are varied, with streams in the range of 50-100MBs each.
>Do any of you have any ideas what this is, and where to find out more
>about it?  is this a new Napster?
>  thanks,

I've run into a couple of Visual Basic trojans in the last few weeks that
are sending a list of the client's drives' files to the hacker's machines.
They've both connected at times the machines were untended and transmitted
over 10Megs of data.  Unable to trace the virus (neither machine was
protected) but in both cases a logfile was left behind by the trojan
showing the connection, timestamps and amount of data transmitted.
Unfortunately, the recieving number/IP wasn't listed.  

Mayhap this is a possibility?  

"Microsoft is not a monopoly!" - Bill Gates   "HA!" - Judge Jackson

Dean Robb
Owner, PC-EASY 
(757) 495-EASY [3279]
On-site computer services
Member, ICANN @Large