Possible security issue?

Discussion in 'other security issues & news' started by Comp01, Oct 19, 2003.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Ok, I was test drving TDS-3 and TrojanHunter (trying to decide which one) I had loaded the demo trojan thats available on this site, and was testing it with that, I then went to test TrojanHunter again, got busy, turned off trojan hunter, and forgot about the demo trojan, then, after doing a port scan, I found I was going about the internet (On IRC, browsing the web, etc) While TCP port 65 was OPEN! somehow, The Demo trojan server opened the port, because as soona s I unloaded it, it closed again :doubt: wa sI at risk? is there a possibilty I was hacked, what?
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Are you talking about the TrojanSimulator.zip from http://www.wilders.org/downloads.htm?

    That file was made by Magnus Mischel the creator of Trojan Hunter and a person we believe is above reproach.

    I just downloaded and tested with it and I don't see it opening any ports on my system. Perhaps others who have used that simulator can confirm whether it attempts to use an "open port" as a trojan simulation method... :doubt:

    Did you actually use a port to process mapper to see if the trojan simulator was holding the port open, or did you assume it was because it was gone after you closed the program?
     
  3. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Yes, thats the simulator, and yeah, I did assume it was because of it, due to it stopped after closing the program.. I wasnt online at the time I was doing the test, I was scanning over for trojans, and it said "Port 65 open." or something, then I killed the process, and done another scan, found nothing, went to Shields up, it was complete stealth :doubt:
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Yeah, it is hard to say what is was... :doubt:

    From my quick tests the simulator doesn't appear to open any ports, thus my answer above. But, let's see what others have to say. If not the simulator, then perhaps doing a couple quick scans with the products you are evaluating (since you have them) is in order. Just in case. (You never know ;) )
     
  5. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Yeah, I'll scan over with TDS-3 and TrojanHunter.. And then do another Shields Up test..
     
Loading...
Thread Status:
Not open for further replies.