| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1095805318.4150a986da919@webmail.daimi.au.dk> From: milicia at brics.dk (Giuseppe Milicia) Subject: Lots of traffic on port 1472 from explorer Guys, thanks a lot for the tips, indeed there was a KLP keylogger. I removed it, but it seems that something else is amiss, I still see lots of traffic from explorer.exe on the 1472 port. > > from a home computer I'm seeing lots of traffic > > generated from > > explorer on port 1472 towards the microsoft-ds port, > > typically > > on IP addresses starting with 35.xx.xx.xx > > This isn't clear...is it coming from a system you have > control of? I'm going to assume that this is the > case, since it seems you were able to run some kind of > port to process mapping tool. The traffic is indeed coming from a system I have control of, I still have no dumps though. I can see nothing worrying apart from the aforementioned keylogger which has now been removed > > It looks like a worm but I could not find any > > references around > > and Trend Micro detects nothing. > > What makes you say that it looks like a worm? What > kind of activity are you seeing? Do you have > captures? Lots of data is transferred from my computer to the outside world, pretty much all to addresses in the 35.xx.xx.xx range on the microsoft-ds port. Huge amount of short lived connections. I thought it looked like worm activity but I might be wrong. Thanks! -- Giuseppe
Powered by blists - more mailing lists