Signature Detail

TROJAN: NetSphere Server Response (TCP/30100)

This signature detects TCP packets sent from local server port 30100 to a remote port. This can indicate the system is responding to an attacker to confirm successful installation of the Trojan NetSphere. NetSphere, a remote administration Trojan, allows attackers to access data and gain control over some functions on remote Microsoft Windows systems.

Extended Description

NetSphere is a Trojan that enables remote attackers to perform dangerous actions on an infected system, such as accessing and manipulating the file system.

References

• CVE: CVE-1999-0660
• URL: http://advice.networkice.com/Advice/Intrusions/2001523/default.htm
• URL: http://www.juniper.net/security/auto/vulnerabilities/vuln809.html
• URL: http://www.glocksoft.com/trojan_list/NetSphere.htm