Firewall Wizards mailing list archives
Re: IRC ports open on NT4?
From: m p <sumirati () yahoo de>
Date: Tue, 24 Jul 2001 20:46:02 +0200 (CEST)
Hi Philip, i read to late that you discovered already what was going on. The port usage of the UPS service was new to me. I don't know if every trojan/DDoS client written at home is 'known' by public. So i send you the link to Gibsons page about what can be done on this port. Nothing more was meant. And yes, computer security industry lives from giving the people a feeling of danger. (Like selling someone an insurance ;)) Steve is fighting his private war. I'm not in the position to judge about it. I mentioned the page only to bring the idea of this possible "trojan/DDoS attack" to you. Best regards, Marc --- "Philip J. Koenig" <pjklist () ekahuna com> schrieb: > As much as I think Steve Gibson has done some good things, I think
his crusade on the denial-of-service stuff gets more self-serving by the day. It's a nice tutorial for people that don't know what DoS is all about (especially all those home users with broadband connections whose machines often get used as zombies), but when all is said and done, he profits from the hysteria he generates too. Seems to be a common topic these days in the security industry. The Register sums it up nicely by comparing it to the mafia: implicitly threatening you while simultaneously charging you protection money. The antivirus companies have been accused of this for years, and now we have all the "bug hunters" who can't seem to wait 5 minutes before shouting from all the rooftops about some newly-discovered vulnerability. Many of them seem only to have their own notoriety in mind. Phil (PS: We already concluded the ports were opened by APC's PowerChute UPS monitoring software.) On 24 Jul 2001, at 19:24, m p boldly uttered:Hi Phili, take a look at http://grc.com/dos/grcdos.htm It is a nice description about new flooding networks build by variouspeople onthe net. And how they are used. Just my 2 Cent Marc --- "Philip J. Koenig" <pjklist () ekahuna com> schrieb: > Have somesuspiciousstuff going on at a site and in my initialinvestigation I went to an NT server there and typed 'netstat -an' to see what was open, and found these curious entries: TCP 0.0.0.0:6666 0.0.0.0:0 LISTENING TCP 0.0.0.0:6667 0.0.0.0:0 LISTENING [...] TCP 127.0.0.1:6667 127.0.0.1:1043 ESTABLISHED TCP 127.0.0.1:6666 127.0.0.1:1043 ESTABLISHED That box runs the following services: Post.office (SMTP MTA), Interscan Viruswall, Filemaker Pro Server, and PC Anywhere host. There is no IRC server on that box, and the Microsoft NNTP service is not running. Why would it be listening on IRC ports? Thanks, Phil-- Philip J. Koenig pjklist () ekahuna com Electric Kahuna Systems -- Computers & Communications for the New Millenium
__________________________________________________________________ Do You Yahoo!? Gesendet von Yahoo! Mail - http://mail.yahoo.de _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- IRC ports open on NT4? Philip J. Koenig (Jul 15)
- Re: IRC ports open on NT4? R. DuFresne (Jul 16)
- Re: IRC ports open on NT4? hermit1 (Jul 16)
- Re: IRC ports open on NT4? Jan P Tietze (Jul 16)
- Re: IRC ports open on NT4? Philip J. Koenig (Jul 16)
- Re: IRC ports open on NT4? bacano (Jul 17)
- Re: IRC ports open on NT4? m p (Jul 25)
- Re: IRC ports open on NT4? Philip J. Koenig (Jul 25)
- Re: IRC ports open on NT4? m p (Jul 25)
- Re: IRC ports open on NT4? Philip J. Koenig (Jul 25)
- <Possible follow-ups>
- Re: IRC ports open on NT4? Philip J. Koenig (Jul 16)
- Re: IRC ports open on NT4? Andrew Cogger (Jul 16)
- Re: IRC ports open on NT4? rob . roberson (Jul 16)