| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040921210401.3370.qmail@web51504.mail.yahoo.com> From: keydet89 at yahoo.com (Harlan Carvey) Subject: Lots of traffic on port 1472 from explorer Giuseppe, > from a home computer I'm seeing lots of traffic > generated from > explorer on port 1472 towards the microsoft-ds port, > typically > on IP addresses starting with 35.xx.xx.xx This isn't clear...is it coming from a system you have control of? I'm going to assume that this is the case, since it seems you were able to run some kind of port to process mapping tool. > It looks like a worm but I could not find any > references around > and Trend Micro detects nothing. What makes you say that it looks like a worm? What kind of activity are you seeing? Do you have captures? > Also there is some hidden process oakklp32.exe which > is not shown > by the taskmanager but is costantly active, again I > could not find anything about it! How is the process hidden? Just b/c it doesn't appear in the Task Manager doesn't mean that it's hidden...after all, you found it somehow. And I'm not surprised that you're not finding anything about it, as processes can be named anything. > Ideas? Clues? Where is the executable located on your system? Do you have a copy of it? If not, why? If you do, have you run strings.exe against the file, or have you done any other analysis?
Powered by blists - more mailing lists