286
CDK port tcp/79 detection
Backdoors
2005/01/02
Marc Ruef
marc.ruef at computec.ch
http://www.computec.ch
computec.ch
1.0
tcp
79
open|sleep|send ypi0ca\n|close|pattern_exists bash
99
The NASL script is Copyright (C) 2000 Renaud Deraison
Configuration
The remote host appears to be running CDK, which is a backdoor that can be used to control your system. To use it, an attacker just has to connect to this port and send the password 'ypi0ca'. It is very likely that this host has been compromised.
Restore your system from backups, contact CERT and your local authorities.
Approx. 2 days
Yes
Yes
Yes
High
3
7
9
6
Critical
Nessus can check this flaw with the plugin 10036 (CDK Detect).
CAN-1999-0660
10036
Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
http://www.computec.ch