Compromised Windows NT machine?

From: GabyHornikat_private
Date: Fri Jul 26 2002 - 02:08:55 PDT


    Hello!
    
    Recently, while looking over some firewall logs, I encountered some strange
    traffic from a WinNT machine.
    Every 90 minutes it tries to connect to a bulk of machines on port 4665
    (normally eDonkey clients).
    That alone isn't strange at all, but a bulk of other ports comes
    with it, in detail:
    udp/smtp
    udp/8004
    udp/8665
    udp/7665
    udp/4765
    udp/84
    udp/2004
    udp/6890
    udp/28014
    udp/6670
    
    udp/smtp is coming nearly every minute, the rest every 90 minutes.
    
    Has anybody seen this before or can anybody identify this as a trojan?
    
    Thanks, Gaby
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
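
An added example, not part of the original post: one way to confirm the kind of fixed-interval traffic described above is to group firewall log entries by source, protocol and destination port and check whether the gaps between events are nearly constant. The log line layout, the host address `10.0.0.5`, the sample data and the thresholds are all constructed assumptions, not the poster's firewall format.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median, pstdev

SRC = "10.0.0.5"  # hypothetical internal host, not from the post


def make_sample_log():
    """Constructed log: udp/25 about every minute, tcp/4665 and udp/8004
    every 90 minutes, and an irregular tcp/80 flow as a negative case."""
    start = datetime(2002, 7, 25, 0, 0, 0)
    lines = []

    def add(offset_s, proto, port):
        ts = start + timedelta(seconds=offset_s)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} DENY {proto} {SRC} 192.0.2.10 {port}")

    for i in range(360):
        add(i * 60 + (i % 3), "udp", 25)      # a few seconds of jitter
    for i in range(5):
        add(i * 5400, "tcp", 4665)
        add(i * 5400 + 2, "udp", 8004)
    for off in (100, 400, 4000, 4100, 15000):
        add(off, "tcp", 80)                   # no fixed period
    return sorted(lines)


def find_periodic(lines, min_events=4, max_jitter=0.1):
    """Return {(src, proto, port): median gap in seconds} for flows whose
    inter-arrival times vary by at most max_jitter (stddev / median)."""
    seen = defaultdict(list)
    for line in lines:
        date, time, _action, proto, src, _dst, port = line.split()
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        seen[(src, proto, int(port))].append(ts)
    periodic = {}
    for key, stamps in seen.items():
        if len(stamps) < min_events:
            continue                          # too few events to judge
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        if mid > 0 and pstdev(gaps) / mid <= max_jitter:
            periodic[key] = mid
    return periodic


if __name__ == "__main__":
    for (src, proto, port), gap in sorted(find_periodic(make_sample_log()).items()):
        print(f"{src} {proto}/{port}: every {gap / 60:.1f} min")
```

Flows that several ports share with the same period are worth correlating against the process list and open sockets on the source host.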
    


