Re: question from a newbie regarding possible trojan

Before trying to figure out if your system is infected and looking for trojans and worms, look closer at the data. Two of the systems connected to are POP3 mail servers. Probably one for your ISP and one for your school/work place. The rest are web servers and most are associated with

Re: question from a newbie regarding possible trojan

Before trying to figure out if your system is infected and looking for trojans and worms, look closer at the data. Two of the systems connected to are POP3 mail servers. Probably one for your ISP and one for your school/work place. The rest are web servers and most are associated with

RE: question from a newbie regarding possible trojan

Sep 17 00:21:41 my ip:1489 - 207.46.197.113:80 SYN **S* Sep 17 00:21:42 my ip:1501 - 207.46.197.113:80 SYN **S* Sep 17 00:21:58 my ip:1502 - 207.46.196.102:80 SYN **S* Sep 17 00:21:58 my ip:1503 - 207.46.196.102:80 SYN **S* Sep 17 00:21:58 my ip:1504 - 207.68.184.62:80 SYN

Re: question from a newbie regarding possible trojan

On Tuesday 17 September 2002 08:36, Adrian Gheorghe wrote: I have tracked a weird activity on my external interface lately (few days) I used snort, and the portscan.log file shows the following activity: #tail portscan.log [...] also netstat and nmap showed no open connections other than

Re: question from a newbie regarding possible trojan

Hi, On Tue, 17 Sep 2002, Claudio Martins wrote: You can check the date and size of some files like /bin/ps /bin/netstat to see if they have timestamps consistent with the other files on the same directories and check that their size is not too small or too big. A normal ps should have

Re: question from a newbie regarding possible trojan

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

RE: question from a newbie regarding possible trojan

Sep 17 00:21:41 my ip:1489 - 207.46.197.113:80 SYN **S* Sep 17 00:21:42 my ip:1501 - 207.46.197.113:80 SYN **S* Sep 17 00:21:58 my ip:1502 - 207.46.196.102:80 SYN **S* Sep 17 00:21:58 my ip:1503 - 207.46.196.102:80 SYN **S* Sep 17 00:21:58 my ip:1504 - 207.68.184.62:80 SYN

Re: question from a newbie regarding possible trojan

On Tuesday 17 September 2002 08:36, Adrian Gheorghe wrote: I have tracked a weird activity on my external interface lately (few days) I used snort, and the portscan.log file shows the following activity: #tail portscan.log [...] also netstat and nmap showed no open connections other than

Re: question from a newbie regarding possible trojan

Hi, On Tue, 17 Sep 2002, Claudio Martins wrote: You can check the date and size of some files like /bin/ps /bin/netstat to see if they have timestamps consistent with the other files on the same directories and check that their size is not too small or too big. A normal ps should have

Re: question from a newbie regarding possible trojan