RE: strange cmd.exe access

From: Jeff Adams (JAdamsat_private)
Date: Fri May 30 2003 - 15:13:11 PDT

Next message: morning_wood: "[Full-Disclosure] MSN search spoof"

Previous message: Cushing, David: "RE: Weird Traffic from www.eyeblaster-bs.com"
Maybe in reply to: Q: "strange cmd.exe access"
Next in thread: Valdis.Kletnieksat_private: "Re: strange cmd.exe access"
Reply: Valdis.Kletnieksat_private: "Re: strange cmd.exe access"
Reply: adam: "Re: strange cmd.exe access"
Reply: Frank Knobbe: "RE: strange cmd.exe access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> what is strange is that the cmd.exe / root.exe stuff is half way 
> through with some other code before it the ip it hit was not mapped to

> anything ( I believe it is unused) so this can not have been part of 
> another tcp converstion any ideas ?

I have been seeing similar odd cmd.exe packets as well.=20

It looks like part of a Code Red or a new variant.

Anyone else seeing the same?

----------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: morning_wood: "[Full-Disclosure] MSN search spoof"
Previous message: Cushing, David: "RE: Weird Traffic from www.eyeblaster-bs.com"
Maybe in reply to: Q: "strange cmd.exe access"
Next in thread: Valdis.Kletnieksat_private: "Re: strange cmd.exe access"
Reply: Valdis.Kletnieksat_private: "Re: strange cmd.exe access"
Reply: adam: "Re: strange cmd.exe access"
Reply: Frank Knobbe: "RE: strange cmd.exe access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 30 2003 - 15:26:36 PDT