From A_Johnson-SuseML-e to suse-security@suse.com, suse-linux-e@suse.com,...:
PS I know I can set up my linux box to sniff at my windows box... how would I do a thing like that. I was hoping to have a direct link from the WIN to the LINUX for the task...what do I use on the linux box? nmap? I read about that someplace...any other tools? Thanks...

Nmap is a portscanner, not a sniffer. In fact I don't really know which is a *real* good sniffer. Just search on freshmeat.net for it. You'll certainly find one. I don't think the thing on port 139 is harmful, I portscanned my mother's windows and she has it also running. For the others I don't know. Maybe some Win2K stuff? Can't help you with the mailinglist either, you might want to take a look on www.securityfocus.com.
hth,
This is why I think I have a bot/Trojan, the first 2 lines, tcp port 1080 and 5000 and 139... they are up even when I have no IP assigned to my NIC, they are always there... and I have no idea what is going on at those ports. I have a firewall, Zonealarm and a Linksys 4 port router that supports NAT...okay okay I am new to this stuff ....lol...but it's fun in some sick and twisted way that I can not figure out. So FLAME ON he he but with a side of help would be greatly appreciated. :)
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    24.183.224.125:139     0.0.0.0:0              LISTENING
  UDP    24.183.224.125:1900    *:*
  UDP    24.183.224.125:137     *:*
  UDP    24.183.224.125:138     *:*
  UDP    127.0.0.1:1026         *:*
  UDP    127.0.0.1:1041         *:*
  UDP    127.0.0.1:1095         *:*
Aaron L Johnson
-- dieter
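
Added example, not part of the original thread: a small Python parser for the netstat listing posted above that groups each listening or bound socket by the kind of address it is bound to. A socket bound to 0.0.0.0 is bound to every interface, so it is listed whether or not the NIC currently has an IP. The function names are assumptions; the sample input is the listing from the post.

```python
import ipaddress

# The listing as posted in the thread.
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    24.183.224.125:139     0.0.0.0:0              LISTENING
  UDP    24.183.224.125:1900    *:*
  UDP    24.183.224.125:137     *:*
  UDP    24.183.224.125:138     *:*
  UDP    127.0.0.1:1026         *:*
  UDP    127.0.0.1:1041         *:*
  UDP    127.0.0.1:1095         *:*
"""

def bind_scope(addr):
    """Classify a local bind address as wildcard, loopback or interface."""
    ip = ipaddress.ip_address(addr.strip("[]"))  # netstat brackets IPv6
    if ip.is_unspecified:
        return "wildcard"    # all interfaces; independent of the NIC's IP
    if ip.is_loopback:
        return "loopback"    # reachable from the local machine only
    return "interface"       # tied to one configured address

def parse_netstat(text):
    """Return listening TCP sockets and bound UDP sockets from netstat -an."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue         # title, header or blank line
        if f[0] == "TCP" and (len(f) < 4 or f[3] != "LISTENING"):
            continue         # established/closing connections are not listeners
        host, _, port = f[1].rpartition(":")
        rows.append((f[0], int(port), bind_scope(host)))
    return rows

def ports_by_scope(rows):
    """Group (proto, port) pairs by bind scope, keeping listing order."""
    out = {}
    for proto, port, scope in rows:
        out.setdefault(scope, []).append((proto, port))
    return out

if __name__ == "__main__":
    for scope, ports in ports_by_scope(parse_netstat(SAMPLE)).items():
        print(f"{scope:9} {ports}")
```

The grouping says nothing about which program owns a port; it only separates sockets that are reachable on every interface from those tied to one address or to loopback.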