Security Incidents mailing list archives
Re: Weird UDP trafic
From: "George Bakos" <alpinista () bigfoot com>
Date: Thu, 12 Jul 2001 17:07:58 -0700
Try fport from:
http://www.foundstone.com/rdlabs/tools.php?category=Forensic
or Sysinternals' tdimon. Nice paper on using fport at:
http://www.sans.org/infosecFAQ/sysadmin/fport.htm

gb

On 10 Jul 2001, at 15:00, Jacques Exelrud wrote:
I'm using ZoneAlarm on a machine. Starting some days ago the alert log started to show a UDP connection from my machine to my machine (denied by ZoneAlarm). The UDP port is 10000.
<-------snip----------->
Some of them are known but others are, at least, suspicious. Any suggestions on how to find who owns those ports? ZoneAlarm does not bother me with them so I suspect that who owns them is services.exe or other Win2000 program that has been allowed to act like a server.

Thanks in advance,
Jacques