| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040326210433.79424.qmail@web41110.mail.yahoo.com> From: fulldis at jackmccarthy.com (Jack) Subject: strange traffic ? More details are definitely needed, but let me ask a very basic question...is it safe to assume that you're running some sort of AV software? You're not infected with a Blaster varient, right? http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html --- "Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh@...ine.gateway.technolabs.net> wrote: > Dear list, > i am seeing strange traffic ... first something connects to 139 on windows > workstation ... 2 packets causes the svchost to crash. > and then i start seeing traffic to port 4444 from the same ip. > > what is this traffic i am seeing ? any new kind of malware trying to open of > port 4444 with the initial vector of infection on port 139 ? > > > the machine is fully patched and protected by firewall from outside world > with a sniffer logging all the data ie scr, dst ip and ports numbers ( this > is how i know the above info ) > > and nothing suspecipous is there on the machine also ... since the machine is > under heavy watch anything unsual would be caught immediatly.... > > > -aditya > > > ________________________________________________________________________ > Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
Powered by blists - more mailing lists