[ale] UDP port 11011, anyone know what it is?

Greg Freemyer greg.freemyer at gmail.com
Tue Feb 23 09:38:56 EST 2010


On Tue, Feb 23, 2010 at 3:40 AM, Michael B. Trausch <mike at trausch.us> wrote:
> I am seeing some _really_ suspect net activity at a client site, and am
> finding little.  (Note, net is a Windows net---that's out of my hands,
> unfortunately.)
>
> Does anyone know what UDP 11011 is used for and why a system would be
> sending packets to different machines at a regular (30 second) interval
> on that port?  I have yet to make any sense of the data in the packets.
>
>        --- Mike

A couple minutes with Google shows that a backdoor trojan called
Amanda uses that port on the TCP side.

http://www.2-spyware.com/remove-amanda-trojan.html

Never heard of it before, but worth looking into.  Maybe it grew UDP
usage as well.

btw: is there a lsof equivalent for Windows which will show you which
task is using the port?  If so you can send the executable to
virustotal.com as one example to see if it is known bad.

Greg
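
Added example, not part of the original message: one way to do the lsof-style lookup on current Windows (Windows 8 / Server 2012 or later, elevated PowerShell session), mapping a bound UDP port to its owning process and hashing the executable so the hash can be checked against virustotal.com. The function name Get-UdpPortOwner is hypothetical; the cmdlets it calls are standard.

```powershell
function Get-UdpPortOwner {
    param(
        # Local UDP port to look up. 11011 is the port from the thread.
        # UDP endpoints only record the LOCAL port, so on the sending host
        # pass the source port seen in the capture if it is not 11011.
        [int]$Port = 11011
    )

    $endpoints = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
    if (-not $endpoints) {
        Write-Warning "No process has UDP port $Port bound right now."
        return
    }

    # Several sockets can share one owner; report each owning process once.
    foreach ($ownerPid in ($endpoints.OwningProcess | Sort-Object -Unique)) {
        $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue

        # Path is empty for protected processes or non-elevated sessions.
        $path = if ($proc) { $proc.Path } else { $null }

        $hash = $null
        $sigStatus = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            # SHA-256 of the binary on disk, for lookup on virustotal.com.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            # Unsigned or invalidly signed binaries deserve a closer look.
            $sigStatus = (Get-AuthenticodeSignature -FilePath $path).Status
        }

        [pscustomobject]@{
            Port      = $Port
            PID       = $ownerPid
            Name      = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path      = $path
            SHA256    = $hash
            Signature = $sigStatus
        }
    }
}

Get-UdpPortOwner -Port 11011 | Format-List
```

If the owner is svchost.exe or another shared host process, the hash will be that of the host binary, so the loaded service or DLL has to be identified separately.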


