Re: [suse-security] UDP Port 6666?
better U try www.sysinternals.com
I'd like to add that for checking the NT box' open ports you might want to try TCPView from www.sysinternal.com - nice free tools that will show all open connections/ports. Maybe it's useful for you.
Erwin
--- michael.ryan@storm.ie wrote:
I'd have a look at the services and processes running on the NT
box to see
whether there is anything unusual/suspicious. Also, you could run a virus scan to check whether any trojans have infected the machine (given that it's a mail server)
Regards, Michael
[...]
Hi!
One of our out customer's internet proxy/firewall receives UDP broadcasts (several per minute) from one of their internal servers:
Oct 31 12:31:52 proxy01 kernel: Packet log: InLog - eth0 PROTO=17 192.168.1.2:4537 255.255.255.255:6666 L=61 S=0x00 I=56516 F=0x0000 T=128 (#1)
192.168.1.2 is an NT server that's currently only used as a mail server - no active users; is this probably a trojan, or could this be Yet Another Windows Feature(tm)?
(According to various info websites the trojans "Dark Connection Inside" and "Netbus" use this port...)
Regards, Martin
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Can anyone point me to a website where I would find a detailed list of Ports (25 SMTP etc) Cheers Gareth Edmondson ICTteacher Ysgol Gyfun Gwyr
Have a look at: http://www.networkice.com/advice/Exploits/Ports/
Can anyone point me to a website where I would find a detailed list of Ports (25 SMTP etc) -- James Ogley, Unix Systems Administrator, Pinnacle Insurance Plc james.ogley@pinnacle.co.uk www.pinnacle.co.uk +44 (0) 20 8731 3619 Using Free Software since 1994, running GNU/Linux (SuSE 7.x) This email was created and sent with Ximian Evolution 0.16 NEW: Advogato diary at www.advogato.org/person/riggwelter
*********************************************************************** CONFIDENTIALITY. This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Pinnacle Insurance Plc. If you have received this e-mail in error please immediately notify our Helpdesk on +44 (0) 20 8207 9555. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com **********************************************************************
/etc/services
http://www.seifried.org/security/ports/
http://www.portsdb.org/
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
----- Original Message -----
From: "staffgje"
Can anyone point me to a website where I would find a detailed list of Ports (25 SMTP etc)
Cheers
Gareth Edmondson ICTteacher Ysgol Gyfun Gwyr
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Oops, sorry, my bad! Thanks for correcting me, Mauricio. Shouldn't try code Perl and write English at the same time ;-) Erwin PS: and now for convenience the whole truth: http://www.sysinternals.com/ntw2k/source/tcpview.shtml (Download link at the end of the page) --- Mauricio Latorre wrote:
better U try www.sysinternals.com
Date: Wednesday, October 31, 2001 11:50 am Subject: Re: [suse-security] UDP Port 6666? I'd like to add that for checking the NT box' open ports you might want to try TCPView from www.sysinternal.com - nice free tools that will show all open connections/ports. Maybe it's useful for you.
Erwin
[....]
participants (5)
-
Erwin Zierler - stubainet.at
-
James Ogley
-
Kurt Seifried
-
Mauricio Latorre
-
staffgje