Full Disclosure mailing list archives
RE: strange traffic ?
From: "Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh () online gateway technolabs net>
Date: Sat, 27 Mar 2004 10:31:43 +0530
to rutz () IT-SupportCenter com : the sniffer that i has was only logging the headers and not the actual data ... so i cannot help you there, now have configured it to log all such traffic, will come back if i manage to capture any packet data also the jono () microshaft org netcat idea is good as suggested but i am already using ethereal so i will be able to have exactly what we are looking for ... and i agree with the jimmy.kuijpers () swift com saying that this might a virus like on port 4444 from a whole list of them. michaelx.ham () intel com, some version of W32.Blaster.Worm: ok but since i am already patched 039 patch even then there are attempts to connect to port 4444, i thought that after 139 vertor failed there was no 4444 connect attempt... nicola () delvacchio it: this traffic is comming from the internet and this machine is on a public internet ip. and machine is protected by firewalls like kerio and sygate along with netbios and other carp disconnected from the public ip iss () uni de: this is port 139 ( confirmed again ) .... and not port 135 and the initial connect attempt on port 139 is attack vertor. this used to occur only when i used to bring down sygate firewall... there are other firewalls that prevent the comprmise and the sinffer is capturing the data.... thanks for the answers, will get back to the list when i have any packet data captured with other details also like the machine name / ip and period of connections and frequency. - this raised my suspicions because the frequency of the connect attempts on port 139 followed by multiple attempts on port 4444 thanks guys once again. -aditya ________________________________________________________________________ Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- strange traffic ? Aditya, ALD [Aditya Lalit Deshmukh] (Mar 26)
- Re: strange traffic ? KUIJPERS Jimmy (Mar 26)
- RE: strange traffic ? iss (Mar 26)
- Re: strange traffic ? Nicola Del Vacchio (Mar 26)
- Re: strange traffic ? Jack (Mar 26)
- RE: strange traffic ? Aditya, ALD [Aditya Lalit Deshmukh] (Mar 27)
- <Possible follow-ups>
- RE: strange traffic ? Utz, Ralph (Mar 26)
- RE: strange traffic ? Aditya, ALD [Aditya Lalit Deshmukh] (Mar 27)