dbroggy_at_manageworx.com
Date: Fri Jul 26 2002 - 11:55:41 CDT


    Is this an Exchange Server? I don't recall the port numbers but I
    know they were all UDP and an expensive call to Microsoft came
    back as 'this is normal'. In my case they came from the MTA and
    there is no adjustment.

    ----- Original Message -----
    From: GabyHorniklotus.iot.dtag.de
    Date: Friday, July 26, 2002 4:08 am
    Subject: Compromized Windows NT machine?

    > Hello!
    >
    > Recently while looking over some firewall logs I encountered some
    > strange traffic from a WinNT machine.
    > Every 90 minutes it tries to connect to a bulk of machines to port
    > 4665 (normally eDonkey clients).
    > That alone isn't strange at all, but there's coming a bulk of
    > other ports with it, in detail
    > udp/smtp
    > udp/8004
    > udp/8665
    > udp/7665
    > udp/4765
    > udp/84
    > udp/2004
    > udp/6890
    > udp/28014
    > udp/6670
    >
    > udp/smtp is coming nearly every minute, the rest every 90
    > minutes.
    >
    > Has anybody seen this before or can anybody identify this as a
    > trojan?
    >
    > Thanks, Gaby
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    >

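Added example, not part of the original thread: one way to confirm from firewall logs the kind of fixed-interval pattern described above (one port nearly every minute, a set of ports every 90 minutes). The log format, addresses, thresholds and function names are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

LINE_RE = re.compile(r"^(\S+ \S+) DENY (\w+) (\S+) -> (\S+):(\d+)$")  # assumed log format

def build_sample_log():
    """Constructed data: 10.0.0.5 sends udp/25 each minute, a port set every 90 min."""
    start, lines = datetime(2002, 7, 26), []
    def emit(ts, proto, src, dst, port):
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} DENY {proto} {src} -> {dst}:{port}")
    for i in range(360):  # six hours of udp/25 with a little jitter
        emit(start + timedelta(minutes=i, seconds=i % 3), "udp", "10.0.0.5", "192.0.2.10", 25)
    for burst in range(4):  # every 90 minutes, several destinations per port
        for port in (8004, 8665, 7665):
            for host in (1, 2, 3):
                t = start + timedelta(minutes=90 * burst, seconds=host)
                emit(t, "udp", "10.0.0.5", f"198.51.100.{host}", port)
    for m in (3, 17, 140, 141, 300):  # irregular traffic that must not be flagged
        emit(start + timedelta(minutes=m), "tcp", "10.0.0.9", "192.0.2.80", 80)
    return lines

def find_periodic(lines, min_events=4, max_jitter=0.1, burst_gap=30):
    """Return {(src, proto, dport): median interval in seconds} for regular senders."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        ts, proto, src, _dst, port = m.groups()
        seen[(src, proto, int(port))].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    flagged = {}
    for key, stamps in seen.items():
        stamps.sort()
        events = [stamps[0]]  # collapse one burst to many hosts into a single event
        for t in stamps[1:]:
            if (t - events[-1]).total_seconds() > burst_gap:
                events.append(t)
        if len(events) < min_events:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(events, events[1:])]
        mid = median(gaps)
        if all(abs(g - mid) <= max_jitter * mid for g in gaps):
            flagged[key] = mid
    return flagged

if __name__ == "__main__":
    for (src, proto, port), secs in sorted(find_periodic(build_sample_log()).items()):
        print(f"{src} {proto}/{port}: every {secs / 60:.1f} min")
```

A fixed interval by itself does not distinguish malware from a scheduled service, so the flagged source and ports still have to be matched against the software known to run on that host.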