Security Incidents: Re: Weird UDP trafic

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Weird UDP trafic

From: "George Bakos" <alpinista () bigfoot com>
Date: Thu, 12 Jul 2001 17:07:58 -0700

Try fport from:
http://www.foundstone.com/rdlabs/tools.php?category=Forensic

or sysinternals' tdimon.

Nice paper on using fport at:
http://www.sans.org/infosecFAQ/sysadmin/fport.htm

gb

On 10 Jul 2001, at 15:00, Jacques Exelrud wrote:

      I'm using ZoneAlarm on a machine. Starting some days ago the alert log
started to show a UDP connection from my machine to my machine (denied by
ZoneAlamr)
      The UDP port is 10000.


<-------snip----------->


      Some of the are known but other are, at least, suspicious.

      Any sugestions on how to find who owns those ports ? ZoneAlarm does not
bother me with them so I suspect that who owns them is services.exe or other
Win200 program that have been allowed to act like a server.

      Thanks in advance,
      Jacques




----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

By Date By Thread

Current thread:

Weird UDP trafic Jacques Exelrud (Jul 11)
- Re: Weird UDP trafic Captain James T Kirk (Jul 11)
- Re: Weird UDP trafic sarnold (Jul 11)
- Re: Weird UDP trafic George Bakos (Jul 12)
- Re: Weird UDP trafic Rajeev Kumar (Jul 12)
- <Possible follow-ups>
- Re: Weird UDP trafic bludclot (Jul 11)