Security problem in installation IE sp1 ?

From: Honza.K (honza.dforumat_private)
Date: Thu Oct 17 2002 - 01:10:52 PDT


    Hello all
    
    
    I found a very strange thing when I installed Internet Explorer SP1.
    
    I downloaded the ie6setup.exe install program from
    www.microsoft.com/downloads/. After I downloaded and started this program,
     the install wizard started an automatic download. I looked at the firewall
     and ie6wzd.exe had an open connection to some 62.54.250.120 server.
     The download was slow and I didn't have time, so I stopped the automatic
     installation. That is OK. But the install program showed a message about
     canceling (you must wait several minutes .. bla bla.)
     I looked at my firewall again and I found a very strange thing:
    
     the program ie6setup.exe had an open connection to IP 210.117.67.218,
     port 8080 (probably some proxy).
    
     What is it?
    
     I ran a scan of this machine:
    
    * + 210.117.67.218   [Unknown]
            |___    23  Telnet
                    |___ ........#..'..$
            |___    25  Simple Mail Transfer
                    |___ 220 icache8 ESMTP Sendmail 8.11.6+Sun/8.11.6; Thu, 17 Oct 2002 17:11:14 +0900 (KST)..
            |___    80  World Wide Web HTTP
            |___   111  SUN Remote Procedure Call
            |___  1720  h323hostcall
            |___  8080  Standard HTTP Proxy
    
    Is this a computer/server with the OS Sun 5.7? Microsoft and SUN?
    This isn't possible.
            
    Program no.     Name            Version Protocol        Port
    
    (100000)        portmapper      4       TCP             111
    (100000)        portmapper      3       TCP             222
    (100000)        portmapper      2       TCP             333
    (100000)        portmapper      4       UDP             444
    (100000)        portmapper      3       UDP             555
    (100000)        portmapper      2       UDP             666
    (100021)        nlockmgr        1       UDP             4045
    (100021)        nlockmgr        2       UDP             4045
    (100021)        nlockmgr        3       UDP             4045
    (100021)        nlockmgr        4       UDP             4045
    (100024)        status          1       UDP             32773
    (100024)        status          1       TCP             32771
    (100389)        1       UDP             32773
    (100389)        1       TCP             32771
    (100021)        nlockmgr        1       TCP             4045
    (100021)        nlockmgr        2       TCP             4045
    (100021)        nlockmgr        3       TCP             4045
    (100021)        nlockmgr        4       TCP             4045
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 09:15:22 PDT