Signature Detail

Short Name	TROJAN:BACKCONSTR:FTP-PORT-OPEN
Severity	High
Recommended	No
Recommended Action	Drop
Category	TROJAN
Keywords	TROJAN
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

TROJAN BackConstruction FTP Port-Open Reply

This signature detects the command string "ftp open" within a TCP packet sent from a local FTP server installed on port 666. This can indicate that BackConstruction, a basic file server Trojan, is in use on the network. Attackers can use a previously installed FTP server to upload/download files.

Extended Description

BackConstruction is a Trojan that infects Windows operating systems. It allows an attacker to take control of the victim host.

References

CVE: CVE-1999-0660
URL: http://www.digitaltrust.it/arachnids/IDS508/signatures.html
URL: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075532

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

TROJAN BackConstruction FTP Port-Open Reply

Extended Description

References