Think I've got trouble

From: Katherine Ogden (kogdenat_private)
Date: Wed Jan 09 2002 - 09:00:40 PST

Next message: Jose Nazario: "RE: Spoofed scans"

Previous message: Nutcase_69: "Name that Trojan"
Next in thread: Hugo van der Kooij: "Re: Think I've got trouble"
Reply: Hugo van der Kooij: "Re: Think I've got trouble"
Reply: Andrew Blevins: "RE: Think I've got trouble"
Reply: Nexus: "Re: Think I've got trouble"
Reply: Frank Knobbe: "RE: Think I've got trouble"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) We began having trouble with our exchange server. For no reason we could pin down the OWA would throw up an error and stop the www service. Being the slightly paranoid sort I downloaded Retina and ran it against the email server. It showed the usual things but it also showed Port 1058 - Nim Port 1090 - Xtreme Two other exchange servers show these ports open. Port 1042 - Bla Port 1059 - Nimreg Two questions. Does anybody know what these are? And am I right in assuming that these machines have been compromised and will need to be rebuilt? Thank you for the help. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Next message: Jose Nazario: "RE: Spoofed scans"
Previous message: Nutcase_69: "Name that Trojan"
Next in thread: Hugo van der Kooij: "Re: Think I've got trouble"
Reply: Hugo van der Kooij: "Re: Think I've got trouble"
Reply: Andrew Blevins: "RE: Think I've got trouble"
Reply: Nexus: "Re: Think I've got trouble"
Reply: Frank Knobbe: "RE: Think I've got trouble"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 13:46:13 PST