Security Incidents mailing list archives

RE: strange cmd.exe access


From: "Jeff Adams" <JAdams () NetCentrics com>
Date: Fri, 30 May 2003 18:13:11 -0400


what is strange is that the cmd.exe / root.exe stuff is halfway
through, with some other code before it. the ip it hit was not mapped to
anything (I believe it is unused), so this cannot have been part of
another tcp conversation. any ideas?

I have been seeing similar odd cmd.exe packets as well.

It looks like part of a Code Red or a new variant.

Anyone else seeing the same?
