|
Security Incidents
mailing list archives
Re: Compromized Windows NT machine?
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 26 Jul 2002 23:01:31 -0500
Why don't you run fport.exe (downloadable from FoundStone) to find out
which applications are listening on these ports? That should tell you if
it's a normal executable or some 'strange new code'.
Regards,
Frank
On Fri, 2002-07-26 at 04:08, GabyHornik () lotus iot dtag de wrote:
Hello!
Recently while looking over some firewall logs I encountered some strange
traffic from a WinNT machine.
Every 90 minutes it tries to connect to a bulk of machines to port 4665
(normally eDonkey clients).
That alone isn't strange at all, but there's coming a bulk of other ports
with it, in detail
udp/smtp
udp/8004
udp/8665
udp/7665
udp/4765
udp/84
udp/2004
udp/6890
udp/28014
udp/6670
udp/smtp is coming nearly every minute, the rest every 90 minutes.
Has anybody seen this before or can anybody identify this as a trojan?
Thanks, Gaby
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Attachment:
signature.asc
Description: This is a digitally signed message part
 By Date 
By Thread
Current thread:
| 
Intro
