Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 9898 (tcp/udp) Attack Activity

Port Information
Protocol  Service    Name
tcp       dabber     [trojan] Dabber Worm backdoor
tcp       monkeycom  MonkeyCom
udp       monkeycom  MonkeyCom
Port diary mentions
ISC DHCPD buffer overflow exploit code produced in the lab
Samba - Buffer Overrun, HP Remote Command Execution, Top 15 Worms, Hosts File, SasserDabber Activity
User Comments
Submitted By Date
2015-10-31 07:55:57
Port 9898 is also used by FileMaker Web Engine as a loopback port to IIS.
Shahjahan Khan 2012-09-06 01:15:50
TCP port 9898 is also used by the Tripwire Agent that installs on servers to communicate with Tripwire Enterprise Servers.
2006-12-31 08:10:43
Also used for TOC/TOC2 (The other AIM protocol), so could cause problems for users if blocked outbound.
Joel Esler 2004-05-18 22:17:32
9898 is one of the backdoor ports used in Sasser. Sasser opens an ftp server on port 9898.
Travis Biehn 2004-05-14 18:03:06
Used by the dabber worm as a backdoor.
Harald Weiss 2004-05-14 01:51:59
9898 TCP has been reported as being related to a backdoor of the Dabber virus: for more info
Bill McCarty 2004-02-26 19:07:55
On Feb 25, 2004, I logged several probes of tcp/3127 and tcp/9898. Apparently, there's some association between MyDoom, which plays with tcp/3127, and this port.