Is this an extrusion attempt to send outgoing data?

General discussions about Little Snitch
Post Reply
LSUser

Is this an extrusion attempt to send outgoing data?

Post by LSUser » Sat Sep 15, 2007 5:23 am

LS detected something trying to link to this url.

http://unix-01.comprehendit.co.za:3000/ ... t.html?-99

I told LS to block it but wondering: does it look like something caused by some sort of trojan or virus or could it be from an app or something like that?

Today I had to manually reset all LS to default settings so I lost all our customized blocks.

This site and format however did not look familiar and looked sinister to me because of the port among other things -- does it mean anything to anyone, Johann perhaps?

I think I will also post at ClamXAV board to see if anyone there recognizes anything.

Any knowledge welcome.

Guest

Post by Guest » Sat Sep 15, 2007 5:25 am

also another time it tried to link to the same url but ending with ?2

unix-01.comprehendit.co.za:3000/sortDataSentThpt.html?2

just fwiw/fyi

Guest

Post by Guest » Sat Sep 15, 2007 6:18 am

Anonymous wrote:also another time it tried to link to the same url but ending with ?2

unix-01.comprehendit.co.za:3000/sortDataSentThpt.html?2

just fwiw/fyi



I just checked

https://www.grc.com/port_3000.htm
Port Authority Database at GRC.com's Shields Up! and it says

Port 3000
Name: remoteware-cl

Purpose: RemoteWare Client
Background and Additional Information:

Trojan Sightings: InetSpy, Remote Shut



GRC.com Shields Up http://www.grc.com/default.htm is a good place to test your firewall for stealth / invisibility

Post Reply