[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] strange traffic ?
- To: "Full-Disclosure@Lists. Netsys. Com" <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] strange traffic ?
- From: "Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 26 Mar 2004 21:02:08 +0530
Dear list,
i am seeing strange traffic ... first something connects to 139 on windows
workstation ... 2 packets causes the svchost to crash.
and then i start seeing traffic to port 4444 from the same ip.
what is this traffic i am seeing ? any new kind of malware trying to open of
port 4444 with the initial vector of infection on port 139 ?
the machine is fully patched and protected by firewall from outside world with
a sniffer logging all the data ie scr, dst ip and ports numbers ( this is how i
know the above info )
and nothing suspecipous is there on the machine also ... since the machine is
under heavy watch anything unsual would be caught immediatly....
-aditya
________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)