Security Incidents
mailing list archives
Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028
From: Robbert Helling <robjeh () wanadoo nl>
Date: Wed, 05 Mar 2003 23:55:51 +0100
If I look at my first 2 entries I see:
Active Connections
Proto Local Address Foreign Address State
TCP nack:epmap nack:0 LISTENING
TCP nack:microsoft-ds nack:0 LISTENING
The Foreign Address shows my own host name, I'm not sure why it's listed
this way. But I guess you have to find your problem locally.
At 18:59 5-3-2003, H C wrote:
I'm not entirely sure what you mean by "foreign
address listening to ports..."...netstat shows you
what the local machine is listening on, and which
endpoints the foreign addresses are connected to.
Have you tried running Foundstone's fport yet?
> > Running netstat -a, I found a foreign address
> > "GirlNextDoor_" listening to ports TCP 1025/1028.
> >
> > Can someone explain to me what is going on on this desktop?
> >
> > It's a Win2k/SP2 workstation with McAfee antivirus and
> > ZoneAlarm.
> >
> > Also, can you explain to me the second set of
> > connections, foreign address "*:*"?
> >
> > Thanks for your help,
> > Sal.
> >
> > -------------------------------------------------------
> > Microsoft Windows 2000 [Version 5.00.2195]
> > (C) Copyright 1985-2000 Microsoft Corp.
> >
> > C:\>netstat -a
> >
> > Active Connections
> >
> >   Proto  Local Address          Foreign Address    State
> >   TCP    p4win2k:epmap          Girlnextdoor_:0    LISTENING
> >   TCP    p4win2k:microsoft-ds   Girlnextdoor_:0    LISTENING
> >   TCP    p4win2k:1025           Girlnextdoor_:0    LISTENING
> >   TCP    p4win2k:1028           Girlnextdoor_:0    LISTENING
> >   TCP    p4win2k:netbios-ssn    Girlnextdoor_:0    LISTENING
> >   UDP    p4win2k:epmap          *:*
> >   UDP    p4win2k:microsoft-ds   *:*
> >   UDP    p4win2k:1027           *:*
> >   UDP    p4win2k:1030           *:*
> >   UDP    p4win2k:netbios-ns     *:*
> >   UDP    p4win2k:netbios-dgm    *:*
> >   UDP    p4win2k:isakmp         *:*
> >
> > C:\>
> >
> > -------------------------------------------------------
> --
> The Virgin BOFH...
> Linux Registered User #288905
> Public GnuPG Key B760A432 available at
> http://www.ines.ro/public_keys/jay.gpg
>
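Added example, not part of the original messages: a short Python parser for `netstat -a` text that separates rows with no remote peer (LISTENING TCP sockets and UDP sockets) from rows with an actual connection, following the replies above. The sample input is constructed from the listing in the post plus one made-up ESTABLISHED row (host peer.example), and the function names are this example's own.

```python
# Added example: classify `netstat -a` rows like those quoted in this thread.
# SAMPLE is constructed from the listing in the post, plus one made-up
# ESTABLISHED row (host "peer.example") to show the contrast.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address      State
  TCP    p4win2k:epmap          Girlnextdoor_:0      LISTENING
  TCP    p4win2k:1025           Girlnextdoor_:0      LISTENING
  TCP    p4win2k:1028           Girlnextdoor_:0      LISTENING
  TCP    p4win2k:1050           peer.example:http    ESTABLISHED
  UDP    p4win2k:1027           *:*
  UDP    p4win2k:isakmp         *:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; port may be a service name."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def parse_netstat(text):
    """Return (listeners, peers) parsed from `netstat -a` text output."""
    listeners, peers = [], []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local, foreign = fields[:3]
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no state
        _, local_port = split_endpoint(local)
        if proto == "UDP" or state == "LISTENING":
            # No remote peer here: the Foreign Address column is a placeholder.
            listeners.append((proto, local_port))
        else:
            peers.append((proto, local_port, foreign, state))
    return listeners, peers

def unnamed_ports(listeners):
    """Listeners shown by number only (assumption of this example: these
    are the ones to map to an owning process first)."""
    return [(proto, port) for proto, port in listeners if port.isdigit()]

if __name__ == "__main__":
    listeners, peers = parse_netstat(SAMPLE)
    print("local listeners:", listeners)
    print("numeric ports to map to a process:", unnamed_ports(listeners))
    print("rows with a real remote peer:", peers)
```

The numeric ports it reports are the ones to hand to a port-to-process mapper such as the fport tool suggested in the reply.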