Is this an Exchange Server? I don't recall the port numbers but I know they were all UDP and an expensive call to Microsoft came back as 'this is normal'. In my case they came from the MTA and there is no adjustment. ----- Original Message ----- From: GabyHornikat_private Date: Friday, July 26, 2002 4:08 am Subject: Compromized Windows NT machine? > Hello! > > Recently while looking over some firewall logs I encountered some > strangetraffic from a WinNT machine. > Every 90 minutes it tries to connect to a bulk of machines to port > 4665(normally eDonkey clients). > That alone isn't strange at all, but there's coming a bulk of > other ports > with it, in detail > udp/smtp > udp/8004 > udp/8665 > udp/7665 > udp/4765 > udp/84 > udp/2004 > udp/6890 > udp/28014 > udp/6670 > > udp/smtp is coming nearly every minute, the rest every 90 minutes. > > Has anybody seen this before or can anybody identify this as a trojan? > > Thanks, Gaby > > > ------------------------------------------------------------------- > --------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jul 26 2002 - 10:32:35 PDT