Re: IRC ports open on NT4?

["R. DuFresne" <dufresne () sysinfo com>]

Let's see, NT, with pc anywhere and other apps, showing a hidden IRC
server, sure looks like it's a compromised system.  Looks like it needs to
be taken offline for a thourough audit.  What ports is pc anywhere
listening on?

Thanks,

Ron DuFresne

On Sun, 15 Jul 2001, Philip J. Koenig wrote:

> Have some suspicious stuff going on at a site and in my initial 
> investigation I went to an NT server there and typed 'netstat -an' to 
> see what was open, and found these curious entries:
>
> TCP   0.0.0.0:6666            0.0.0.0:0                       LISTENING
> TCP   0.0.0.0:6667            0.0.0.0:0                       LISTENING
> [...]
> TCP   127.0.0.1:6667          127.0.0.1:1043          ESTABLISHED
> TCP   127.0.0.1:6666          127.0.0.1:1043          ESTABLISHED
>
> That box runs the following services: Post.office (SMTP MTA), 
> Interscan Viruswall, Filemaker Pro Server, and PC Anywhere host.
>
> There is no IRC server on that box, and the Microsoft NNTP service is 
> not running.  Why would it be listening on IRC ports?
>
> Thanks,
>
>
> Phil
>
>
>
> --
> Philip J. Koenig                                       pjklist () ekahuna com
> Electric Kahuna Systems -- Computers & Communications for the New Millenium
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://www.nfr.com/mailman/listinfo/firewall-wizards

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards