Security Basics mailing list archives
RE: Increase in traffic on port 20480 and 6667
From: Chris Santerre <csanterre () MerchantsOverseas com>
Date: Thu, 17 Oct 2002 14:41:30 -0400
port 6666-6668 is also used by APC UPS software to manage the UPS. This drove me nuts until I found out :) But your actually seeing traffic.. So my best guess is that this is IRC related. Which doesn't mean it's not a virus or trojan! Many DDOS programs use irc for controlling the zombies. Clean out that 192.168.0.199 machine. Also try using filemon from sysinternals.com on it to find out what is running. Chris -----Original Message----- From: Kip Sr. [mailto:kipsr1 () yahoo com] Sent: Thursday, October 10, 2002 3:16 PM To: security-basics () securityfocus com Subject: Increase in traffic on port 20480 and 6667 Hi there, In the past few days, my IDS has been picking up traffic coming from port 20480 (on Internet servers) to port 6667 (internal desktops). Both ports are commonly used by trojan horse programs. Has anyone else seens this? 10/10-11:50:01.977897 204.x.x.x:20480 -> 192.168.0.199:6667 TCP TTL:255 TOS:0x10 ID:0 IpLen:20 DgmLen:195 Thanks, Kip Sr. __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com
Current thread:
- Increase in traffic on port 20480 and 6667 Kip Sr. (Oct 15)
- Re: Increase in traffic on port 20480 and 6667 dsardina (Oct 17)
- Re: Increase in traffic on port 20480 and 6667 Pez Mohr (Oct 17)
- <Possible follow-ups>
- Re: Increase in traffic on port 20480 and 6667 KoRe MeLtDoWn (Oct 17)
- RE: Increase in traffic on port 20480 and 6667 Joey Teel (Oct 17)
- Re: Increase in traffic on port 20480 and 6667 Johan De Meersman (Oct 18)
- RE: Increase in traffic on port 20480 and 6667 Trevor Cushen (Oct 17)
- RE: Increase in traffic on port 20480 and 6667 Chris Santerre (Oct 17)
- Re: Increase in traffic on port 20480 and 6667 dsardina (Oct 17)