|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Port Zero
From: Andrew Simmons (asimmons
messagelabs.com)
Date: Tue Jul 19 2005 - 09:46:12 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
nony101last.za.net wrote:
> I had in incident yesterday (18 June 2005),
I guess you meant July :)
>where a client's Windows box listed almost every possible port as open,
>listening in the same way described above. Similiar netstat -an output
>as above. From my experience this isn't normal.
>
ditto
> A few hours later the machine rapidly starting sending packets to
> random addresses on port 443.
>
I guess you mean "apparently random" in that you couldn't see a
pattern... were the IPs probed running HTTPS servers? Did you get a
packet capture? Was there any other traffic from this machine - ICMP?
\a
(speaking for myself only)
--
Andrew Simmons
Technical Security Consultant
MessageLabs
Mobile: +44 (7917) 178745
asimmonsmessagelabs.com
www.messagelabs.com
MessageLabs - Be certain
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]