Security Incidents: Re: Backdoor ?? "Girlnextdoor

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028

From: Alexandru Balan <Jay () iNES RO>
Date: 05 Mar 2003 11:50:53 +0200

check what you have set as nameserver. girlnextdoor_ might be either a
result of DNS poisoning or just someone in your network connected to
your machine's services. The weird part would be that the remote port is
0. Did you know that you have _all_ of those services running ? 

On Fri, 2003-02-28 at 02:40, Salomao Barguil wrote:

Hi, 

Running netstat -a , I found a foreign address
"GirlNextDoor_" listening to ports TCP 1025/1028.

Can someone explain me what is going on this desktop ?

It's a Win2k/SP2 workstation with Mcafee antivirus and
ZoneAlarm.

Also, can you explain me the second set of
connections, foreign address "*:*" ? 

Thanks for your help,
Sal.

-------------------------------------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>netstat -a

Active Connections

  Proto  Local Address          Foreign Address       
State
  TCP    p4win2k:epmap          Girlnextdoor_:0       
LISTENING
  TCP    p4win2k:microsoft-ds   Girlnextdoor_:0       
LISTENING
  TCP    p4win2k:1025           Girlnextdoor_:0       
LISTENING
  TCP    p4win2k:1028           Girlnextdoor_:0       
LISTENING
  TCP    p4win2k:netbios-ssn    Girlnextdoor_:0       
LISTENING
  UDP    p4win2k:epmap          *:*
  UDP    p4win2k:microsoft-ds   *:*
  UDP    p4win2k:1027           *:*
  UDP    p4win2k:1030           *:*
  UDP    p4win2k:netbios-ns     *:*
  UDP    p4win2k:netbios-dgm    *:*
  UDP    p4win2k:isakmp         *:*

C:\>
-------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

-- 
The Virgin BOFH...
Linux Registered User #288905
Public GnuPG Key B760A432 available at
http://www.ines.ro/public_keys/jay.gpg

Attachment: signature.asc
Description: This is a digitally signed message part

By Date By Thread

Current thread:

Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Salomao Barguil (Mar 04)
- Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Alexandru Balan (Mar 05)
  - RE: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Robert (Mar 05)
    - Solved !! "Girlnextdoor_" TCP Ports 1025/1028 Salomao Barguil (Mar 07)
    - Re: Solved !! "Girlnextdoor_" TCP Ports 1025/1028 Nikunj Virani (Mar 10)
    - Re: Solved !! "Girlnextdoor_" TCP Ports 1025/1028 Harlan Carvey (Mar 10)
  - Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 H C (Mar 05)