> |___ 1025 network blackjack possible trojan could be an RPC request that is hitting on 1025 are you running BIND? do you have 1 - 1024 locked down?
> |___ 1031 BBN IAD might be inetinfo.exe. are you running IIS? > |___ 1048 Sun's NEO Object Request Broker self explanatory. this is the port that Sun's NEO sent ORB requests to. http://wwws.sun.com/software/solaris/neo/ > |___ 2103 Zephyr serv-hm connection MIT messaging system http://sourceforge.net/projects/zephyr/ > |___ 2105 MiniPay cyber cash system for micro payments. I believe this is an IBM initiative, out of Israel. > |___ 3000 HBCI Home Banking Computer Interface. http://www.sixsigma.de/english/hbci/hbci_eng.htm http://www.hbci-zka.de/spezifikation/2.html > |___ 3001 Redwood Broker Another ORB package. I have also seen Nessus on this port. could also be the Mdaemon for world client. Seems I remember an exploit for this. > > > I can find web sites that list the different ports and some of these > programs but I can't find anywhere that explains what these > programs are or http://www.corba.org/ http://www.sei.cmu.edu/str/descriptions/orb_body.html > what they do. Are they normal or could they be trojans? Any http://cve.mitre.org/ http://www.iss.net/security_center/advice/default.htm http://www.infosyssec.org/infosyssec/secref1.htm http://www.cert.org/ > advice or links > to good resources would be appreciated. > > Thanks in advance, > > Kevin > > > ------------------ > Kevin Bachelder > > Microsoft Certified Systems Engineer - Windows NT 4.0 (MCSE) > Microsoft Certified Professional - Windows 2000 (MCP) > Citrix Certified Administrator (CCA) > CompTIA A+ Certified Computer Repair Technician (A+) >