Security Incidents mailing list archives
Compromized Windows NT machine?
From: GabyHornik () lotus iot dtag de
Date: Fri, 26 Jul 2002 11:08:55 +0200
Hello! Recently while looking over some firewall logs I encountered some strange traffic from a WinNT machine. Every 90 minutes it tries to connect to a bulk of machines to port 4665 (normally eDonkey clients). That alone isn't strange at all, but there's coming a bulk of other ports with it, in detail udp/smtp udp/8004 udp/8665 udp/7665 udp/4765 udp/84 udp/2004 udp/6890 udp/28014 udp/6670 udp/smtp is coming nearly every minute, the rest every 90 minutes. Has anybody seen this before or can anybody identify this as a trojan? Thanks, Gaby ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Compromized Windows NT machine? GabyHornik (Jul 26)
- Re: Compromized Windows NT machine? Frank Knobbe (Jul 29)
- <Possible follow-ups>
- Re: Compromized Windows NT machine? dbroggy (Jul 26)