Security Incidents mailing list archives
Re: Think I've got trouble
From: "Nexus" <nexus () patrol i-way co uk>
Date: Wed, 9 Jan 2002 21:57:47 -0000
As they are all > 1024 they _could_ be anything - there was a thread recently that dealt with identifying what programs were listening on what ports. Some of these are:

Foundstone's FPort
http://www.foundstone.com/rdlabs/tools.php?category=Forensic

TCPView Pro
http://www.winternals.com/products/monitoringtools/tcpviewpro.asp

Inzider
http://www.ntsecurity.nu/toolbox/inzider

The whole thread is at
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&start=2002-01-06&end=2002-01-12&threads=1&tid=246422

Cheers.

----- Original Message -----
From: "Katherine Ogden" <kogden () 4cd net>
To: <incidents () securityfocus com>
Sent: Wednesday, January 09, 2002 5:00 PM
Subject: Think I've got trouble

We began having trouble with our exchange server. For no reason we could pin down the OWA would throw up an error and stop the www service. Being the slightly paranoid sort I downloaded Retina and ran it against the email server. It showed the usual things but it also showed

Port 1058 - Nim
Port 1090 - Xtreme

Two other exchange servers show these ports open.

Port 1042 - Bla
Port 1059 - Nimreg

Two questions. Does anybody know what these are? And am I right in assuming that these machines have been compromised and will need to be rebuilt?

Thank you for the help.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
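The check suggested in the reply above (find which program owns each port instead of relying on the scanner's label), as an added example that is not part of the original thread. It parses `netstat -ano` and `tasklist /fo csv /nh` output; both samples are constructed, and the PIDs and image names in them are illustrative assumptions, not findings from the poster's servers.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not from the poster's servers).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:1058           0.0.0.0:0              LISTENING       1520
  TCP    0.0.0.0:1090           0.0.0.0:0              LISTENING       1764
  TCP    10.0.0.5:1061          10.0.0.9:389           ESTABLISHED     1520
  TCP    [::]:1058              [::]:0                 LISTENING       1520
  UDP    0.0.0.0:1042           *:*                                    1888
"""

# Constructed sample of `tasklist /fo csv /nh` output (image names are assumptions).
TASKLIST = '''\
"inetinfo.exe","1204","Services","0","21,004 K"
"store.exe","1520","Services","0","310,112 K"
"mad.exe","1764","Services","0","18,440 K"
'''

def listeners(netstat_text):
    """Yield (proto, port, pid) for TCP listeners and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established/outbound sockets are not what a port scan sees
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:port
        yield f[0], port, int(f[-1])

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if r}

def owners(reported_ports, netstat_text, tasklist_csv):
    """For each scanner-reported port, return the set of (proto, pid, image)."""
    names = pid_names(tasklist_csv)
    result = {p: set() for p in reported_ports}
    for proto, port, pid in listeners(netstat_text):
        if port in result:
            result[port].add((proto, pid, names.get(pid, "UNKNOWN")))
    return result

if __name__ == "__main__":
    found = owners([1058, 1090, 1042, 1059], NETSTAT, TASKLIST)
    for port in sorted(found):
        print(port, sorted(found[port]) or "not listening locally")
```

A port whose PID is missing from the process list comes back as `UNKNOWN`, and a reported port with no local listener comes back empty; those are the entries to look at first. The `-o` switch is only available on Windows versions whose `netstat` supports it.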