[ale] UDP port 11011, anyone know what it is?
Greg Freemyer
greg.freemyer at gmail.com
Tue Feb 23 09:38:56 EST 2010
On Tue, Feb 23, 2010 at 3:40 AM, Michael B. Trausch <mike at trausch.us> wrote:
> I am seeing some _really_ suspect net activity at a client site, and am
> finding little. (Note, net is a Windows net---that's out of my hands,
> unfortunately.)
>
> Does anyone know what UDP 11011 is used for and why a system would be
> sending packets to different machines at a regular (30 second) interval
> on that port? I have yet to make any sense of the data in the packets.
>
> --- Mike

A couple minutes with Google shows that a backdoor trojan called
Amanda uses that port on the TCP side.

http://www.2-spyware.com/remove-amanda-trojan.html

Never heard of it before, but worth looking into. Maybe it grew UDP
usage as well.

btw: is there an lsof equivalent for Windows which will show you which
task is using the port? If so you can send the executable to
virustotal.com as one example to see if it is known bad.

Greg
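
Added example, not part of the original message: on Windows, `netstat -ano` lists each socket with the PID that owns it, which covers the port-to-process lookup asked about above. The sketch below parses saved `netstat -ano` output and returns the PIDs holding a given local port; the sample output and PIDs are constructed, and it assumes the local port is already known (for example, the source port seen in the packet capture).

```python
# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.20:11011     192.168.1.5:49211      ESTABLISHED     3100
  UDP    0.0.0.0:123            *:*                                    1044
  UDP    192.168.1.20:11011     *:*                                    2412
  UDP    [::]:11011             *:*                                    2412
  UDP    [fe80::1c2%11]:1900    *:*                                    1780
"""


def parse_netstat(text):
    """Yield one dict per socket row of `netstat -ano` output."""
    for line in text.splitlines():
        f = line.split()
        # Socket rows start with the protocol and end with a numeric PID.
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue
        # rpartition splits on the last colon, so [IPv6]:port works too.
        host, _, port = f[1].rpartition(":")
        if not port.isdigit():
            continue
        yield {
            "proto": f[0],
            "local_host": host.strip("[]"),
            "local_port": int(port),
            "foreign": f[2],
            # UDP is connectionless, so UDP rows have no State column.
            "state": f[3] if len(f) == 5 else None,
            "pid": int(f[-1]),
        }


def pids_for_port(text, port, proto="UDP"):
    """Return the sorted PIDs that hold local `port` open for `proto`."""
    return sorted({r["pid"] for r in parse_netstat(text)
                   if r["proto"] == proto and r["local_port"] == port})


if __name__ == "__main__":
    for pid in pids_for_port(SAMPLE, 11011):
        # On the host, `tasklist /FI "PID eq <pid>"` then names the image.
        print(f"UDP 11011 is held by PID {pid}")
```

Because UDP rows carry no remote endpoint, the lookup keys on the local port only; the TCP row on the same port number belongs to a different PID and is filtered out by protocol.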