Security Incidents mailing list archives

RE: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028
From: "Robert" <epic () surrealideas com>
Date: Wed, 5 Mar 2003 09:57:33 -0700

What about setting up a sniffer locally, or on the same machine to
capture the packets, and then trying to piece it together? My bet is
that it is another spyware / adware. Have you been browsing the pr0n
side of the internet lately?

Robert

-----Original Message-----
From: Alexandru Balan [mailto:Jay () iNES RO] 
Sent: Wednesday, March 05, 2003 2:51 AM
To: Salomao Barguil
Cc: incidents () securityfocus com
Subject: Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028

Check what you have set as nameserver. girlnextdoor_ might be either a
result of DNS poisoning or just someone in your network connected to
your machine's services. The weird part would be that the remote port is
0. Did you know that you have _all_ of those services running?

On Fri, 2003-02-28 at 02:40, Salomao Barguil wrote:
Hi, 

Running netstat -a , I found a foreign address
"GirlNextDoor_" listening to ports TCP 1025/1028.

Can someone explain to me what is going on on this desktop?

It's a Win2k/SP2 workstation with McAfee antivirus and
ZoneAlarm.

Also, can you explain to me the second set of
connections, foreign address "*:*"?

Thanks for your help,
Sal.

-------------------------------------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    p4win2k:epmap          Girlnextdoor_:0        LISTENING
  TCP    p4win2k:microsoft-ds   Girlnextdoor_:0        LISTENING
  TCP    p4win2k:1025           Girlnextdoor_:0        LISTENING
  TCP    p4win2k:1028           Girlnextdoor_:0        LISTENING
  TCP    p4win2k:netbios-ssn    Girlnextdoor_:0        LISTENING
  UDP    p4win2k:epmap          *:*
  UDP    p4win2k:microsoft-ds   *:*
  UDP    p4win2k:1027           *:*
  UDP    p4win2k:1030           *:*
  UDP    p4win2k:netbios-ns     *:*
  UDP    p4win2k:netbios-dgm    *:*
  UDP    p4win2k:isakmp         *:*

C:\>
-------------------------------------------------------


-- 
The Virgin BOFH...
Linux Registered User #288905
Public GnuPG Key B760A432 available at
http://www.ines.ro/public_keys/jay.gpg
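
An added example, not part of any poster's message: a parser for the netstat -a listing quoted in this thread that re-joins the wrapped State column and separates LISTENING rows, which have foreign port 0 because no remote peer exists, from rows that name an actual remote endpoint. The ESTABLISHED row, the 192.0.2.10 address and all function names are constructed for illustration.

```python
import re

# Constructed sample: rows from the netstat -a listing in the thread, keeping the
# mail client's wrapping of the State column. The last row is hypothetical.
SAMPLE = """\
  Proto  Local Address          Foreign Address
State
  TCP    p4win2k:epmap          Girlnextdoor_:0
LISTENING
  TCP    p4win2k:1025           Girlnextdoor_:0
LISTENING
  TCP    p4win2k:1028           Girlnextdoor_:0
LISTENING
  UDP    p4win2k:1027           *:*
  UDP    p4win2k:isakmp         *:*
  TCP    p4win2k:1031           192.0.2.10:80          ESTABLISHED
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Parse netstat rows, re-joining a TCP state that wrapped onto the next line."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            keys = ("proto", "local_host", "local_port", "foreign_host", "foreign_port", "state")
            rows.append(dict(zip(keys, m.groups(default=""))))
        elif rows and rows[-1]["proto"] == "TCP" and not rows[-1]["state"] and line.strip().isupper():
            rows[-1]["state"] = line.strip()
    return rows

def classify(row):
    """Label a row: local listener, bound UDP socket, or an actual remote peer."""
    if row["proto"] == "UDP" and row["foreign_host"] == "*":
        return "udp-bound"   # UDP is connectionless, so there is no peer to show
    if row["state"] == "LISTENING" and row["foreign_port"] == "0":
        return "listener"    # no remote endpoint exists; the foreign column is a placeholder
    return "peer"            # a real remote address worth tracing further

def report(text):
    """Return (proto, local_port, label) for every parsed row."""
    return [(r["proto"], r["local_port"], classify(r)) for r in parse_netstat(text)]

if __name__ == "__main__":
    for proto, port, label in report(SAMPLE):
        print(f"{proto:4} {port:14} {label}")
```

Running netstat -an prints the listener placeholder numerically (0.0.0.0:0) instead of a resolved name, which removes name resolution from the picture when reading the foreign column.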

