Mailinglist Archive: opensuse-security (605 mails)
| < Previous | Next > |
Re: [suse-security] UDP Port 6666?
- From: michael.ryan@xxxxxxxx
- Date: Wed, 31 Oct 2001 14:20:23 +0000
- Message-id: <OF340C2EBC.728FD06F-ON80256AF6.004DE83D@xxxxxxxx>
I'd have a look at the services and processes running on the NT box to see
whether there is anything unusual/suspicious.
Also, you could run a virus scan to check whether any trojans have infected
the machine (given that it's a mail server)
Regards, Michael
Martin
Köhling To: SuSE Security Mailing List <suse-security@xxxxxxxx>
<mk@xxxxxxxxx cc:
mputer.de> Subject: [suse-security] UDP Port 6666?
10/31/2001
12:49 PM
Hi!
One of our out customer's internet proxy/firewall receives
UDP broadcasts (several per minute) from one of their internal
servers:
Oct 31 12:31:52 proxy01 kernel: Packet log:
InLog - eth0 PROTO=17 192.168.1.2:4537 255.255.255.255:6666
L=61 S=0x00 I=56516 F=0x0000 T=128 (#1)
192.168.1.2 is an NT server that's currently only used as a
mail server - no active users; is this probably a trojan,
or could this be Yet Another Windows Feature(tm)?
(According to various info websites the trojans "Dark Connection
Inside" and "Netbus" use this port...)
Regards,
Martin
--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
| < Previous | Next > |