lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040921235908.27398.qmail@web51507.mail.yahoo.com>
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: Lots of traffic on port 1472 from explorer

> I removed it, but it seems that something else is
> amiss,
> I still see lots of traffic from explorer.exe on the
> 1472 port.

Have you captured any of this traffic?
 

> The traffic is indeed coming from a system I have
> control of,
> I still have no dumps though. I can see nothing
> worrying apart
> from the aforementioned keylogger which has now been
> removed

Not even this other traffic you've mentioned?

> Lots of data is transferred from my computer to the
> outside world,
> pretty much all to addresses in the 35.xx.xx.xx
> range on the
> microsoft-ds port. Huge amount of short lived
> connections.
> I thought it looked like worm activity but I might
> be wrong.

Or you might not be.  Again, have you captured any of
the traffic?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ