Mailinglist Archive: opensuse-security (605 mails)

Re: [suse-security] UDP Port 6666?
  • From: michael.ryan@xxxxxxxx
  • Date: Wed, 31 Oct 2001 14:20:23 +0000
  • Message-id: <OF340C2EBC.728FD06F-ON80256AF6.004DE83D@xxxxxxxx>


I'd have a look at the services and processes running on the NT box to see
whether there is anything unusual/suspicious.
Also, you could run a virus scan to check whether any trojans have infected
the machine (given that it's a mail server).

Regards, Michael




From: Martin Köhling <mk@xxxxxxxxxmputer.de>
Date: 10/31/2001 12:49 PM
To: SuSE Security Mailing List <suse-security@xxxxxxxx>
cc:
Subject: [suse-security] UDP Port 6666?






Hi!

One of our customer's internet proxy/firewall receives
UDP broadcasts (several per minute) from one of their internal
servers:

Oct 31 12:31:52 proxy01 kernel: Packet log: InLog - eth0 PROTO=17 192.168.1.2:4537 255.255.255.255:6666 L=61 S=0x00 I=56516 F=0x0000 T=128 (#1)

192.168.1.2 is an NT server that's currently only used as a
mail server - no active users; is this probably a trojan,
or could this be Yet Another Windows Feature(tm)?

(According to various info websites the trojans "Dark Connection
Inside" and "Netbus" use this port...)

Regards,
Martin
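
As an added example (not part of either message above): a small Python parser for the ipchains-style packet log entry Martin quotes, which counts UDP packets sent to the limited broadcast address per source and destination port per minute. The first sample entry is the one from the post joined onto one line; the other entries, the function names and the min_per_minute threshold are constructed for illustration.

```python
import re
from collections import Counter

# ipchains "Packet log:" entry as quoted in the post, joined onto one line.
# Field reading is an assumption: chain, target, interface, PROTO, src:port,
# dst:port, L=length, S=TOS, I=IP id, F=fragment field, T=TTL.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\sPacket log:\s"
    r"(?P<chain>\S+)\s(?P<target>\S+)\s(?P<iface>\S+)\sPROTO=(?P<proto>\d+)\s"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s(?P<dst>[\d.]+):(?P<dport>\d+)\s"
    r"L=(?P<length>\d+)\sS=\S+\sI=\d+\sF=\S+\sT=(?P<ttl>\d+)"
)

def parse(line):
    """Return the entry's fields as a dict, or None for non-matching lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ttl"):
        rec[key] = int(rec[key])
    rec["minute"] = rec["ts"][:-3]  # drop ":SS" to bucket by minute
    return rec

def broadcast_talkers(lines, min_per_minute=2):
    """Map (source, dest port) -> peak UDP limited-broadcast packets per minute."""
    buckets = Counter()
    for line in lines:
        rec = parse(line)
        # PROTO=17 is UDP; only the limited broadcast address is matched here
        if rec and rec["proto"] == 17 and rec["dst"] == "255.255.255.255":
            buckets[(rec["src"], rec["dport"], rec["minute"])] += 1
    peaks = {}
    for (src, dport, _minute), count in buckets.items():
        peaks[(src, dport)] = max(peaks.get((src, dport), 0), count)
    return {k: v for k, v in peaks.items() if v >= min_per_minute}

PREFIX = "proxy01 kernel: Packet log: InLog - eth0 "
SAMPLE = [  # first entry is the one from the post; the others are constructed
    "Oct 31 12:31:52 " + PREFIX + "PROTO=17 192.168.1.2:4537 255.255.255.255:6666 L=61 S=0x00 I=56516 F=0x0000 T=128 (#1)",
    "Oct 31 12:31:12 " + PREFIX + "PROTO=17 192.168.1.2:4537 255.255.255.255:6666 L=61 S=0x00 I=56490 F=0x0000 T=128 (#1)",
    "Oct 31 12:31:33 " + PREFIX + "PROTO=17 192.168.1.2:4537 255.255.255.255:6666 L=61 S=0x00 I=56503 F=0x0000 T=128 (#1)",
    "Oct 31 12:32:15 " + PREFIX + "PROTO=17 192.168.1.7:137 192.168.1.255:137 L=78 S=0x00 I=1201 F=0x0000 T=128 (#1)",
    "Oct 31 12:32:40 " + PREFIX + "PROTO=6 192.168.1.9:1045 10.0.0.5:80 L=48 S=0x00 I=100 F=0x4000 T=128 SYN (#1)",
]

if __name__ == "__main__":
    for (src, dport), peak in broadcast_talkers(SAMPLE).items():
        print(f"{src} -> udp/{dport} broadcast, peak {peak}/min")
```

The result names which internal host and destination port to investigate on the sending machine; it does not by itself say which process is responsible.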

