Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028

From: H C (keydet89at_private)
Date: Wed Mar 05 2003 - 09:59:22 PST


    I'm not entirely sure what you mean by "foreign
    address listening to ports..."...netstat shows you
    what the local machine is listening on, and which
    endpoints the foreign addresses are connected to.
    
    Have you tried running Foundstone's fport yet?
    
     
    > > Running netstat -a , I found a foreign address
    > > "GirlNextDoor_" listening to ports TCP 1025/1028.
    > > 
    > > Can someone explain to me what is going on on this desktop?
    > > 
    > > It's a Win2k/SP2 workstation with McAfee antivirus and
    > > ZoneAlarm.
    > > 
    > > Also, can you explain to me the second set of
    > > connections, foreign address "*:*"?
    > > 
    > > Thanks for your help,
    > > Sal.
    > > 
    > > -------------------------------------------------------
    > > Microsoft Windows 2000 [Version 5.00.2195]
    > > (C) Copyright 1985-2000 Microsoft Corp.
    > > 
    > > C:\>netstat -a
    > > 
    > > Active Connections
    > > 
    > >   Proto  Local Address          Foreign Address        State
    > >   TCP    p4win2k:epmap          Girlnextdoor_:0        LISTENING
    > >   TCP    p4win2k:microsoft-ds   Girlnextdoor_:0        LISTENING
    > >   TCP    p4win2k:1025           Girlnextdoor_:0        LISTENING
    > >   TCP    p4win2k:1028           Girlnextdoor_:0        LISTENING
    > >   TCP    p4win2k:netbios-ssn    Girlnextdoor_:0        LISTENING
    > >   UDP    p4win2k:epmap          *:*
    > >   UDP    p4win2k:microsoft-ds   *:*
    > >   UDP    p4win2k:1027           *:*
    > >   UDP    p4win2k:1030           *:*
    > >   UDP    p4win2k:netbios-ns     *:*
    > >   UDP    p4win2k:netbios-dgm    *:*
    > >   UDP    p4win2k:isakmp         *:*
    > > 
    > > C:\>
    > > -------------------------------------------------------
    > -- 
    > The Virgin BOFH...
    > Linux Registered User #288905
    > Public GnuPG Key B760A432 available at
    > http://www.ines.ro/public_keys/jay.gpg
    > 
    
    



    This archive was generated by hypermail 2b30 : Wed Mar 05 2003 - 14:26:34 PST
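
The distinction drawn in the reply above (local listeners versus endpoints that foreign addresses are connected to), as an added example that is not part of the original thread: a small parser that splits `netstat -a` text into listening sockets and real connections. The sample input is constructed from the quoted output, and the ESTABLISHED row with its peer name is invented here so both cases appear.

```python
import re

# Constructed sample modeled on the quoted `netstat -a` output; the ESTABLISHED
# row and its peer name are invented here so that both cases are exercised.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    p4win2k:epmap          Girlnextdoor_:0        LISTENING
  TCP    p4win2k:1025           Girlnextdoor_:0        LISTENING
  TCP    p4win2k:1028           Girlnextdoor_:0        LISTENING
  TCP    p4win2k:1045           peer.example:http      ESTABLISHED
  UDP    p4win2k:1027           *:*
  UDP    p4win2k:isakmp         *:*
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so host names may contain colons."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def classify(netstat_text):
    """Return (listeners, connections) parsed from `netstat -a` text."""
    listeners, connections = [], []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header and blank lines
        proto, local, foreign, state = m.groups()
        _, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        # No remote peer: UDP rows (no state) and TCP rows in LISTENING. The
        # foreign column there is a placeholder (port 0 or *), not a client.
        if proto == "UDP" or state == "LISTENING":
            listeners.append((proto, lport))
        else:
            connections.append((proto, lport, fhost, fport, state))
    return listeners, connections

if __name__ == "__main__":
    listening, connected = classify(SAMPLE)
    for proto, port in listening:
        print(f"{proto} local port {port}: open locally, no remote peer")
    for proto, lport, fhost, fport, state in connected:
        print(f"{proto} local port {lport} <-> {fhost}:{fport} ({state})")
```

This only separates listeners from connections; it does not say which process owns a port, which is the question a port-to-process tool such as the fport mentioned in the reply answers.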