Security Incidents mailing list archives
Re: Compromized Windows NT machine?
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 26 Jul 2002 23:01:31 -0500
Why don't you run fport.exe (downloadable from Foundstone) to find out which applications are listening on these ports? That should tell you if it's a normal executable or some 'strange new code'.

Regards,
Frank

On Fri, 2002-07-26 at 04:08, GabyHornik () lotus iot dtag de wrote:
> Hello!
>
> Recently while looking over some firewall logs I encountered some strange traffic from a WinNT machine. Every 90 minutes it tries to connect to a bulk of machines to port 4665 (normally eDonkey clients). That alone isn't strange at all, but a bulk of other ports is coming with it, in detail:
>
> udp/smtp
> udp/8004
> udp/8665
> udp/7665
> udp/4765
> udp/84
> udp/2004
> udp/6890
> udp/28014
> udp/6670
>
> udp/smtp is coming nearly every minute, the rest every 90 minutes.
>
> Has anybody seen this before or can anybody identify this as a trojan?
>
> Thanks,
> Gaby
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
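
An added example, not part of the original posts: one way to confirm from firewall logs the fixed-interval pattern the question describes (some ports every 90 minutes, udp/smtp nearly every minute) and separate it from irregular traffic. The log format, the addresses and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumed log format: "<date> <time> <action> <proto> <src> -> <dst>:<port>"
LINE = re.compile(r"(\S+ \S+) \w+ (tcp|udp) (\S+) -> \S+?:(\d+)$")
FMT = "%Y-%m-%d %H:%M:%S"

def sample_log():
    """Constructed log lines in a hypothetical format (not from the thread)."""
    t0, lines = datetime(2002, 7, 26), []
    def emit(minute, proto, port, dst="192.0.2.10"):
        ts = (t0 + timedelta(minutes=minute)).strftime(FMT)
        lines.append(f"{ts} DENY {proto} 10.0.0.5 -> {dst}:{port}")
    for k in range(5):                        # every 90 minutes
        emit(90 * k, "tcp", 4665)
        emit(90 * k, "tcp", 4665, "192.0.2.11")   # several targets per burst
        emit(90 * k, "udp", 8004)
    for m in range(30):                       # nearly every minute
        emit(m, "udp", 25)
    for m in (3, 50, 61, 200, 340):           # irregular, user-driven traffic
        emit(m, "tcp", 80)
    return sorted(lines)

def periodic_ports(lines, min_events=4, jitter=0.1):
    """Return {(src, proto, port): median interval in seconds} for regular traffic."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                          # line does not fit the assumed format
        ts, proto, src, port = m.groups()
        seen[(src, proto, int(port))].append(datetime.strptime(ts, FMT))
    result = {}
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        gaps = [g for g in gaps if g > 0]     # one burst to many hosts counts once
        if len(gaps) + 1 < min_events:
            continue
        mid = median(gaps)
        if all(abs(g - mid) <= jitter * mid for g in gaps):
            result[key] = mid                 # every gap within 10% of the median
    return result

if __name__ == "__main__":
    for (src, proto, port), sec in sorted(periodic_ports(sample_log()).items()):
        print(f"{src} {proto}/{port}: every {sec / 60:.0f} min")
```

Traffic on a fixed timer points to a program rather than a user, which is what a port-to-process mapping on the host then has to identify.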