Why don't you run fport.exe (downloadable from FoundStone) to find out which applications are listening on these ports? That should tell you if it's a normal executable or some 'strange new code'. Regards, Frank On Fri, 2002-07-26 at 04:08, GabyHornikat_private wrote: > Hello! > > Recently while looking over some firewall logs I encountered some strange > traffic from a WinNT machine. > Every 90 minutes it tries to connect to a bulk of machines to port 4665 > (normally eDonkey clients). > That alone isn't strange at all, but there's coming a bulk of other ports > with it, in detail > udp/smtp > udp/8004 > udp/8665 > udp/7665 > udp/4765 > udp/84 > udp/2004 > udp/6890 > udp/28014 > udp/6670 > > udp/smtp is coming nearly every minute, the rest every 90 minutes. > > Has anybody seen this before or can anybody identify this as a trojan? > > Thanks, Gaby > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 29 2002 - 08:27:38 PDT