Re: Increase in traffic on port 20480 and 6667

2002-10-18 Thread Johan De Meersman
KoRe MeLtDoWn wrote: > Be informed that 6667 is also one of the most common ports for IRC > servers to run on > >> From: "Kip Sr." <[EMAIL PROTECTED]> >> to port 6667 (internal desktops). Both ports are >> commonly used by trojan horse programs. Has anyone > Both right, and more: lots of troja

RE: Increase in traffic on port 20480 and 6667

2002-10-18 Thread Joey Teel
t;To: [EMAIL PROTECTED] >Subject: Increase in traffic on port 20480 and 6667 >Date: Thu, 10 Oct 2002 12:16:09 -0700 (PDT) >MIME-Version: 1.0 >Received: from outgoing.securityfocus.com ([205.206.231.27]) by >mc8-f38.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 15 Oct

RE: Increase in traffic on port 20480 and 6667

2002-10-17 Thread Trevor Cushen
Hope this helps Trevor Cushen Sysnet Ltd www.sysnet.ie Tel: +353 1 2983000 Fax: +353 1 2960499 -Original Message- From: dsardina [mailto:dsardina@;si.rr.com] Sent: 15 October 2002 21:41 To: Kip Sr.; [EMAIL PROTECTED] Subject: Re: Increase in traffic on port 20480 and 6667 I

RE: Increase in traffic on port 20480 and 6667

2002-10-17 Thread Chris Santerre
es. Clean out that 192.168.0.199 machine. Also try using filemon from sysinternals.com on it to find out what is running. Chris -Original Message- From: Kip Sr. [mailto:kipsr1@;yahoo.com] Sent: Thursday, October 10, 2002 3:16 PM To: [EMAIL PROTECTED] Subject: Increase in traffic on port

Re: Increase in traffic on port 20480 and 6667

2002-10-17 Thread Pez Mohr
lt;[EMAIL PROTECTED]> Sent: Tuesday, October 15, 2002 4:41 PM Subject: Re: Increase in traffic on port 20480 and 6667 > I dont know much about port 20480, but 6667 is an attempt to connect to a > mIRC Server. > > I dont know if 192.168.0.199 is a router IP or a pc, but if its a pc, >

Re: Increase in traffic on port 20480 and 6667

2002-10-17 Thread KoRe MeLtDoWn
OTECTED] Subject: Increase in traffic on port 20480 and 6667 Date: Thu, 10 Oct 2002 12:16:09 -0700 (PDT) MIME-Version: 1.0 Received: from outgoing.securityfocus.com ([205.206.231.27]) by mc8-f38.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 15 Oct 2002 18:17:18 -070

Re: Increase in traffic on port 20480 and 6667

2002-10-16 Thread dsardina
~ DS- - Original Message - From: "Kip Sr." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 10, 2002 3:16 PM Subject: Increase in traffic on port 20480 and 6667 > Hi there, > > In the past few days, my IDS has been picking up > traffic c

Increase in traffic on port 20480 and 6667

2002-10-15 Thread Kip Sr.
Hi there, In the past few days, my IDS has been picking up traffic coming from port 20480 (on Internet servers) to port 6667 (internal desktops). Both ports are commonly used by trojan horse programs. Has anyone else seens this? 10/10-11:50:01.977897 204.x.x.x:20480 -> 192.168.0.199:6667 TCP TT