I went through a lot of tests in the past weeks in order to track the suspected hidden trojan or backdoor on my host targeted by this kind of traffic. One of those tests was to permit outgoing traffic for some "suspect" applications by means of a SOCKS proxy (forwarding is not enabled from this host to the rest of the world).

From Jun 20 the suspect incoming traffic changed target: now the new target is the proxy IP address. No more 55808 packets destined to the old address until now.

I'll try to provide more information in the next days.

Fabio
This archive was generated by hypermail 2b30 : Thu Jun 26 2003 - 15:21:32 PDT