[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] strange traffic ?

To: "Full-Disclosure@Lists. Netsys. Com" <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] strange traffic ?
From: "Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 26 Mar 2004 21:02:08 +0530

Dear list,
i am seeing strange traffic ... first something connects to 139 on windows 
workstation ... 2 packets causes the svchost to crash.
and then i start seeing traffic to port 4444 from the same ip.

what is this traffic i am seeing ? any new kind of malware trying to open of 
port 4444 with the initial vector of infection on port 139 ?


the machine is fully patched and protected by firewall from outside world with 
a sniffer logging all the data ie scr, dst ip and ports numbers ( this is how i 
know the above info ) 

and nothing suspecipous is there on the machine also ... since the machine is 
under heavy watch anything unsual would be caught immediatly.... 


-aditya


________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)

Follow-Ups:
- RE: [Full-Disclosure] strange traffic ?
  - From: iss
- Re: [Full-Disclosure] strange traffic ?
  - From: KUIJPERS Jimmy
- Re: [Full-Disclosure] strange traffic ?
  - From: Nicola Del Vacchio
- Re: [Full-Disclosure] strange traffic ?
  - From: Jack

Prev by Date: Re: [Full-Disclosure] Message - Banner's Styles
Next by Date: RE: [Full-Disclosure] strange traffic ?
Previous by thread: [Full-Disclosure] Blogger XSS Vulnerability
Next by thread: RE: [Full-Disclosure] strange traffic ?
Index(es):
- Date
- Thread