Firewall Wizards mailing list archives
Re: IRC ports open on NT4?
From: "bacano" <bacano () esoterica pt>
Date: Mon, 16 Jul 2001 16:49:36 +0100
Hi2all I hope it's not the case, but here is some known trojans for those ports: port 6666 Dark Connection Inside, NetBus worm port 6667 Dark FTP, ScheduleAgent, SubSeven, Subseven 2.1.4 DefCon 8, Trinity, WinSatan Reference: http://www.simovits.com/trojans/tr_data/y308.html - Dark Connection Inside http://www.simovits.com/trojans/tr_data/y882.html - NetBus worm http://www.simovits.com/trojans/tr_data/y309.html - Dark FTP http://www.simovits.com/trojans/tr_data/y1139.html - ScheduleAgent http://www.simovits.com/trojans/tr_data/y1264.html - SubSeven http://www.simovits.com/trojans/tr_data/y1266.html - Subseven 2.1.4 DefCon 8 http://www.simovits.com/trojans/tr_data/y1376.html - Trinity http://www.simovits.com/trojans/tr_data/y1478.html - WinSatan [ ]'s bacano ----- Original Message ----- From: "Philip J. Koenig" <pjklist () ekahuna com> To: <firewall-wizards () nfr com> Sent: Sunday, July 15, 2001 12:58 PM Subject: [fw-wiz] IRC ports open on NT4?
Have some suspicious stuff going on at a site and in my initial investigation I went to an NT server there and typed 'netstat -an' to see what was open, and found these curious entries: TCP 0.0.0.0:6666 0.0.0.0:0 LISTENING TCP 0.0.0.0:6667 0.0.0.0:0 LISTENING [...] TCP 127.0.0.1:6667 127.0.0.1:1043 ESTABLISHED TCP 127.0.0.1:6666 127.0.0.1:1043 ESTABLISHED That box runs the following services: Post.office (SMTP MTA), Interscan Viruswall, Filemaker Pro Server, and PC Anywhere host. There is no IRC server on that box, and the Microsoft NNTP service is not running. Why would it be listening on IRC ports? Thanks, Phil -- Philip J. Koenig pjklist () ekahuna com Electric Kahuna Systems -- Computers & Communications for the New
Millenium
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- IRC ports open on NT4? Philip J. Koenig (Jul 15)
- Re: IRC ports open on NT4? R. DuFresne (Jul 16)
- Re: IRC ports open on NT4? hermit1 (Jul 16)
- Re: IRC ports open on NT4? Jan P Tietze (Jul 16)
- Re: IRC ports open on NT4? Philip J. Koenig (Jul 16)
- Re: IRC ports open on NT4? bacano (Jul 17)
- Re: IRC ports open on NT4? m p (Jul 25)
- Re: IRC ports open on NT4? Philip J. Koenig (Jul 25)
- Re: IRC ports open on NT4? m p (Jul 25)
- Re: IRC ports open on NT4? Philip J. Koenig (Jul 25)
- <Possible follow-ups>
- Re: IRC ports open on NT4? Philip J. Koenig (Jul 16)
- Re: IRC ports open on NT4? Andrew Cogger (Jul 16)
- Re: IRC ports open on NT4? rob . roberson (Jul 16)