Security Basics mailing list archives
Re: port 2112
From: Dean_Larson () May-Co com
Date: Fri, 8 Aug 2003 07:56:38 -0500
i did a netstat -a and it showed nothing unusual. i found that strange, as
their are thousands of attempted connections out of this pc.
"J. Lambrecht"
<jl_post@pandora To: <security-basics () securityfocus com>, <Dean_Larson () May-Co
com>
.be> cc:
Subject: Re: port 2112
08/06/2003 05:38
PM
Please respond
to "J.
Lambrecht"
check in portlists for possible trojans at that portnbr., as i remember
kerberos is somehow attracting attention to one of it's port. Ehr, thought
this had something to do with LDAP or some other similarlylike service.
Verify wich services there are running at your host wich is initiating (?)
the connections. Eventually verify these with reliable service activity on
the machine itself.
Do you mean you have no way of doing 'netstat -a' or something ?
----- Original Message -----
From: <Dean_Larson () May-Co com>
To: <security-basics () securityfocus com>
Sent: Wednesday, August 06, 2003 8:12 PM
Subject: port 2112
we have a computer trying to contact a computer on the internet
66.7.244.x
on port 2112 /tcp. we've looked at the computer inside our network, but didn't find anything unusual (but we were not able to do a lot of
snooping
on the computer -- politics). i did a google search on found a few programs running on this port, mostly kerberos related. anyone seen this type of activity also? suggestions? thanks for your help
-------------------------------------------------------------------------- -
-------------------------------------------------------------------------- --
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- port 2112 Dean_Larson (Aug 06)
- Re: port 2112 J. Lambrecht (Aug 07)
- <Possible follow-ups>
- Re: port 2112 Dean_Larson (Aug 08)