| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: seclistaddress at yahoo.com (Manohar G Singh) Subject: Lots of traffic on port 1472 from explorer I know this may sound silly, but the last time this happened to me; I checked up and found my p2p client going overactive. Harlan Carvey wrote: >>I removed it, but it seems that something else is >>amiss, >>I still see lots of traffic from explorer.exe on the >>1472 port. >> >> > >Have you captured any of this traffic? > > > > >>The traffic is indeed coming from a system I have >>control of, >>I still have no dumps though. I can see nothing >>worrying apart >>from the aforementioned keylogger which has now been >>removed >> >> > >Not even this other traffic you've mentioned? > > > >>Lots of data is transferred from my computer to the >>outside world, >>pretty much all to addresses in the 35.xx.xx.xx >>range on the >>microsoft-ds port. Huge amount of short lived >>connections. >>I thought it looked like worm activity but I might >>be wrong. >> >> > >Or you might not be. Again, have you captured any of >the traffic? > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > > > >
Powered by blists - more mailing lists