Security Incidents mailing list archives

Re: Port 109 Mystery

From: Douglas Brown <dugbrown () email unc edu>
Date: Thu, 13 Mar 2003 10:54:00 -0500

Thanks to all who wrote to me off list - I've provided the administrator
with another laundry list to follow.  The consensus seems to be that
this is a "Windows Kernel root kit", booting the server in safe mode
should help tracking it down.  As I get more details from the folks on
the ground I'll provide them back to the list.

Thanks again to everyone,
-Doug
--
Douglas Brown, CISSP
Manager of Security Resources
UNC Chapel Hill
Abernethy 105
"what can Brown do for you?"
        


----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

Current thread:

Port 109 Mystery Douglas Brown (Mar 12)
- Re: Port 109 Mystery Loki (Mar 12)
- RE: Port 109 Mystery James C Slora Jr (Mar 13)
- Re: [unisog] Port 109 Mystery Andy Polyakov (Mar 13)
- <Possible follow-ups>
- Re: Port 109 Mystery Douglas Brown (Mar 13)