|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Frank Knobbe (fknobbe_at_knobbeits.com)
Date: Fri Jul 26 2002 - 23:01:31 CDT
Why don't you run fport.exe (downloadable from FoundStone) to find out
which applications are listening on these ports? That should tell you if
it's a normal executable or some 'strange new code'.
Regards,
Frank
On Fri, 2002-07-26 at 04:08, GabyHornik
lotus.iot.dtag.de wrote:
> Hello!
>
> Recently while looking over some firewall logs I encountered some strange
> traffic from a WinNT machine.
> Every 90 minutes it tries to connect to a bulk of machines to port 4665
> (normally eDonkey clients).
> That alone isn't strange at all, but there's coming a bulk of other ports
> with it, in detail
> udp/smtp
> udp/8004
> udp/8665
> udp/7665
> udp/4765
> udp/84
> udp/2004
> udp/6890
> udp/28014
> udp/6670
>
> udp/smtp is coming nearly every minute, the rest every 90 minutes.
>
> Has anybody seen this before or can anybody identify this as a trojan?
>
> Thanks, Gaby
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iQCVAwUAPUIbG7+0ijK5TGa5AQJ25wP/ZsAUgBhLk2JGyq89H1VduSdpIztUvmD7
gdDshY/qB5WpvuUHcNpsRkNsNxvuU1VNHjB4pwEElBKMOq2b2MRMWdyFr1jBkmO7
tmgikK8wU6mTQRCT0EPUjkNw+zJTBbrhWi4AhNe82udTPTnewM/e5USOqi8O/GJd
Ozt5tJ+40aI=
=usez
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]