Mailinglist Archive: opensuse-security (605 mails)

< Previous Next >
Re: [suse-security] UDP Port 6666?
  • From: michael.ryan@xxxxxxxx
  • Date: Wed, 31 Oct 2001 14:20:23 +0000
  • Message-id: <OF340C2EBC.728FD06F-ON80256AF6.004DE83D@xxxxxxxx>

I'd have a look at the services and processes running on the NT box to see
whether there is anything unusual/suspicious.
Also, you could run a virus scan to check whether any trojans have infected
the machine (given that it's a mail server)

Regards, Michael

Köhling To: SuSE Security Mailing List <suse-security@xxxxxxxx>
<mk@xxxxxxxxx cc:> Subject: [suse-security] UDP Port 6666?

12:49 PM


One of our out customer's internet proxy/firewall receives
UDP broadcasts (several per minute) from one of their internal

Oct 31 12:31:52 proxy01 kernel: Packet log:
InLog - eth0 PROTO=17
L=61 S=0x00 I=56516 F=0x0000 T=128 (#1) is an NT server that's currently only used as a
mail server - no active users; is this probably a trojan,
or could this be Yet Another Windows Feature(tm)?

(According to various info websites the trojans "Dark Connection
Inside" and "Netbus" use this port...)


To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx

< Previous Next >