It might be a good idea to run netstat/tcpview on the local host and see
which process is trying to do the connect. Try cross referencing that name
in the well known spyware database. Now if it is one of those bots which
generate their names in a random fashion, the process name might not be
useful, so you might want to check across installations to see if the
process name has changed.
--------------------------------------------------Proneet Biswas
RedBack Networks
Address 300 Holger Way
San Jose CA 95134
Phone: 1-408-750-5836
Email: [EMAIL PROTECTED]
Web: www.redback.com
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
