Firewall Wizards mailing list archives
Strange outbound connections.
From: "George J. Jahchan, Eng." <Firewall-Wizards () Compucenter org>
Date: Tue, 26 Aug 2003 12:48:26 +0300
On a Win2K Pro station, I am seeing in the packet filter log a couple of times a day blocked outbound UDP connection attempts, always from source port 17664 on the LAN IP to the IP addresses of DNS servers on the Internet (configured in TCP/IP DNS network settings), ports 66, 70 (majority of attempts) and 113.

The anti-virus with up-to-date definitions says the system is clean. The system is on a 3-station + Win2K DC LAN, with no WAN connections.

Packet filter policy (stateful) is to explicitly allow connections from/to valid services + LAN IP address combos (only the used addresses + broadcast address), all else being denied and logged.

An audit of running processes did not reveal anything that raised suspicion. I strongly suspect a trojan lurking in the system.

Any idea(s) on how to nail down the culprit?

TIA