Security Incidents mailing list archives

Security problem in installation IE sp1 ?


From: "Honza.K" <honza.dforum () seznam cz>
Date: Thu, 17 Oct 2002 10:10:52 +0200

Hello all


I found a very strange thing when I installed Internet Explorer SP1.

I downloaded the ie6setup.exe install program from
www.microsoft.com/downloads/. After I downloaded and started this program,
the install wizard started an automatic download. I looked at the firewall,
and ie6wzd.exe had an open connection to some server, 62.54.250.120.
The download was slow and I didn't have time, so I stopped the automatic
installation. That is OK. But the install program showed a message about
canceling (you must wait several minutes .. bla bla.).
I looked at my firewall again and found a very strange thing:

The program ie6setup.exe had an open connection to IP 210.117.67.218,
port 8080 (probably some proxy).

What is it?

I ran a scan of this machine:

* + 210.117.67.218   [Unknown]
        |___    23  Telnet
                |___ ........#..'..$
        |___    25  Simple Mail Transfer
                |___ 220 icache8 ESMTP Sendmail 8.11.6+Sun/8.11.6; Thu, 17 Oct 2002 17:11:14 +0900 (KST)..
        |___    80  World Wide Web HTTP
        |___   111  SUN Remote Procedure Call
        |___  1720  h323hostcall
        |___  8080  Standard HTTP Proxy

This is a computer/server with OS Sun 5.7? Microsoft and SUN?
This isn't possible.
        
Program no.     Name            Version Protocol        Port

(100000)        portmapper      4       TCP             111
(100000)        portmapper      3       TCP             222
(100000)        portmapper      2       TCP             333
(100000)        portmapper      4       UDP             444
(100000)        portmapper      3       UDP             555
(100000)        portmapper      2       UDP             666
(100021)        nlockmgr        1       UDP             4045
(100021)        nlockmgr        2       UDP             4045
(100021)        nlockmgr        3       UDP             4045
(100021)        nlockmgr        4       UDP             4045
(100024)        status          1       UDP             32773
(100024)        status          1       TCP             32771
(100389)        1       UDP             32773
(100389)        1       TCP             32771
(100021)        nlockmgr        1       TCP             4045
(100021)        nlockmgr        2       TCP             4045
(100021)        nlockmgr        3       TCP             4045
(100021)        nlockmgr        4       TCP             4045


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

