31 Oct
2001
31 Oct
'01
12:49
Hi! One of our out customer's internet proxy/firewall receives UDP broadcasts (several per minute) from one of their internal servers: Oct 31 12:31:52 proxy01 kernel: Packet log: InLog - eth0 PROTO=17 192.168.1.2:4537 255.255.255.255:6666 L=61 S=0x00 I=56516 F=0x0000 T=128 (#1) 192.168.1.2 is an NT server that's currently only used as a mail server - no active users; is this probably a trojan, or could this be Yet Another Windows Feature(tm)? (According to various info websites the trojans "Dark Connection Inside" and "Netbus" use this port...) Regards, Martin