PROTECTED]]
Sent: Tuesday, February 11, 2003 12:36 PM
To: [EMAIL PROTECTED]
Subject: RE: irc port open on 6668/tcp and 6667/tcp
There is a great free program called Vision from Foundstone
that maps ports to executable and processe, lists running
applications, etc. Their orignal program
/knowledge/forensics.html
Cheers,
Michael
-Original Message-
From: Nelson, Ernie [mailto:[EMAIL PROTECTED]]
Sent: February 11, 2003 12:24 PM
To: Harish Gondavale; [EMAIL PROTECTED]
Subject: RE: irc port open on 6668/tcp and 6667/tcp
I'd grab the fport utility from http://www.foundstone.com
the servers.
Recently I was trying nampwin 1.3.1 and found that out
of these servers, PDC has open tcp port on 6667 6668
for irc. I tried to search some information on
internet and found that there are some trojans also,
which open these ports.
Well, connect to the port, and see what it says
/thecleaner/
Ad-aware - http://www.lavasoft.de
Alex.
We are having two NT 4 domain controller servers, PDC
BDC.
Recently I was trying nampwin 1.3.1 and found that out
of these servers, PDC has open tcp port on 6667 6668
for irc.
Now my question is, why these port are open on PDC
.
Charles Hamby
-Original Message-
From: Nelson, Ernie [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 11, 2003 8:24 AM
To: Harish Gondavale; [EMAIL PROTECTED]
Subject: RE: irc port open on 6668/tcp and 6667/tcp
I'd grab the fport utility from http://www.foundstone.com/ and run
PROTECTED]]
Sent: Tuesday, February 11, 2003 9:24 AM
To: Harish Gondavale; [EMAIL PROTECTED]
Subject: RE: irc port open on 6668/tcp and 6667/tcp
I'd grab the fport utility from http://www.foundstone.com/ and run it on the
PDC to see what process is using those open ports.
Now my question is, why
of these servers, PDC has open tcp port on 6667 6668
for irc. I tried to search some information on
internet and found that there are some trojans also,
which open these ports.
Now my question is, why these port are open on PDC? Is
there something suspicious? What should I do to find
the exact reason
I'd grab the fport utility from http://www.foundstone.com/ and run it on the PDC to
see what process is using those open ports.
Now my question is, why these port are open on PDC? Is
there something suspicious? What should I do to find
the exact reason?