RE: win2k server issue

From: McCammon, Keith (Keith.McCammonat_private)
Date: Fri Jun 28 2002 - 05:54:29 PDT

Next message: Sterling, Chuck: "RE: spoofed packets to RFC 1918 addresses"

Previous message: Barry Irwin: "Re: spoofed packets to RFC 1918 addresses"
Maybe in reply to: RUSSELL T. LEWIS: "win2k server issue"
Next in thread: Kit: "RE: win2k server issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Port 6667 is used for all kinds of nasty IRC backdoors, DDoS agents, etc.  Just search Google for "tcp port 6667 malicious" or similar strings and you'll come up with hundreds of incidents and what not.  

I wouldn't even worry about the binary.  Spend that time hardening your system, and you'll be better off down the road.

Cheers

Keith

-----Original Message-----
From: RUSSELL T. LEWIS [mailto:RUSSELL_T._LEWISat_private]
Sent: Thursday, June 27, 2002 4:53 PM
To: incidentsat_private
Subject: win2k server issue




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Sterling, Chuck: "RE: spoofed packets to RFC 1918 addresses"
Previous message: Barry Irwin: "Re: spoofed packets to RFC 1918 addresses"
Maybe in reply to: RUSSELL T. LEWIS: "win2k server issue"
Next in thread: Kit: "RE: win2k server issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 08:57:23 PDT