KoRe MeLtDoWn wrote:
> Be informed that 6667 is also one of the most common ports for IRC
> servers to run on
>
>> From: "Kip Sr." <[EMAIL PROTECTED]>
>> to port 6667 (internal desktops). Both ports are
>> commonly used by trojan horse programs. Has anyone
>
Both right, and more: lots of troja
t;To: [EMAIL PROTECTED]
>Subject: Increase in traffic on port 20480 and 6667
>Date: Thu, 10 Oct 2002 12:16:09 -0700 (PDT)
>MIME-Version: 1.0
>Received: from outgoing.securityfocus.com ([205.206.231.27]) by
>mc8-f38.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 15
Oct
Hope this helps
Trevor Cushen
Sysnet Ltd
www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499
-Original Message-
From: dsardina [mailto:dsardina@;si.rr.com]
Sent: 15 October 2002 21:41
To: Kip Sr.; [EMAIL PROTECTED]
Subject: Re: Increase in traffic on port 20480 and 6667
I
es. Clean out that 192.168.0.199 machine.
Also try using filemon from sysinternals.com on it to find out what is
running.
Chris
-Original Message-
From: Kip Sr. [mailto:kipsr1@;yahoo.com]
Sent: Thursday, October 10, 2002 3:16 PM
To: [EMAIL PROTECTED]
Subject: Increase in traffic on port
lt;[EMAIL PROTECTED]>
Sent: Tuesday, October 15, 2002 4:41 PM
Subject: Re: Increase in traffic on port 20480 and 6667
> I dont know much about port 20480, but 6667 is an attempt to connect to a
> mIRC Server.
>
> I dont know if 192.168.0.199 is a router IP or a pc, but if its a pc,
>
OTECTED]
Subject: Increase in traffic on port 20480 and 6667
Date: Thu, 10 Oct 2002 12:16:09 -0700 (PDT)
MIME-Version: 1.0
Received: from outgoing.securityfocus.com ([205.206.231.27]) by
mc8-f38.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 15 Oct
2002 18:17:18 -070
~
DS-
- Original Message -
From: "Kip Sr." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 10, 2002 3:16 PM
Subject: Increase in traffic on port 20480 and 6667
> Hi there,
>
> In the past few days, my IDS has been picking up
> traffic c
Hi there,
In the past few days, my IDS has been picking up
traffic coming from port 20480 (on Internet servers)
to port 6667 (internal desktops). Both ports are
commonly used by trojan horse programs. Has anyone
else seens this?
10/10-11:50:01.977897 204.x.x.x:20480 ->
192.168.0.199:6667
TCP TT