31 Oct 2001 12:49
Hi!

One of our customer's internet proxy/firewall receives UDP broadcasts (several per minute) from one of their internal servers:

Oct 31 12:31:52 proxy01 kernel: Packet log: InLog - eth0 PROTO=17 192.168.1.2:4537 255.255.255.255:6666 L=61 S=0x00 I=56516 F=0x0000 T=128 (#1)

192.168.1.2 is an NT server that's currently only used as a mail server - no active users; is this probably a trojan, or could this be Yet Another Windows Feature(tm)?

(According to various info websites the trojans "Dark Connection Inside" and "Netbus" use this port...)

Regards,
Martin
Martin Köhling