Mailinglist Archive: opensuse-security (605 mails)

< Previous Next >
Re: [suse-security] UDP Port 6666?
  • From: "Mauricio Latorre" <mlatorre@xxxxxxxxxx>
  • Date: Wed, 31 Oct 2001 12:17:56 -0300
  • Message-id: <43b266466f99b5fa.6f99b5fa43b26646@xxxxxxxxxx>
better U try www.sysinternals.com

<hubasc0
----- Original Message -----
From: "Erwin Zierler - stubainet.at" <erwin.zierler@xxxxxxxxxxxx>
Date: Wednesday, October 31, 2001 11:50 am
Subject: Re: [suse-security] UDP Port 6666?

> I'd like to add that for checking the NT box' open ports you might
> want to try TCPView from www.sysinternal.com - nice free tools that
> will show all open connections/ports. Maybe it's useful for you.
>
> Erwin
>
> ---
> michael.ryan@xxxxxxxx wrote:
>
> >
> > I'd have a look at the services and processes running on the NT
> box to see
> > whether there is anything unusual/suspicious.
> > Also, you could run a virus scan to check whether any trojans
> have infected
> > the machine (given that it's a mail server)
> >
> > Regards, Michael
> >
> >
> [...]
>
>
> >
> > Hi!
> >
> > One of our out customer's internet proxy/firewall receives
> > UDP broadcasts (several per minute) from one of their internal
> > servers:
> >
> > Oct 31 12:31:52 proxy01 kernel: Packet log:
> > InLog - eth0 PROTO=17 192.168.1.2:4537 255.255.255.255:6666
> > L=61 S=0x00 I=56516 F=0x0000 T=128 (#1)
> >
> > 192.168.1.2 is an NT server that's currently only used as a
> > mail server - no active users; is this probably a trojan,
> > or could this be Yet Another Windows Feature(tm)?
> >
> > (According to various info websites the trojans "Dark Connection
> > Inside" and "Netbus" use this port...)
> >
> > Regards,
> > Martin
> >
> >
> > --
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
> >
>
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>


< Previous Next >