Security Basics mailing list archives
RE: irc port open on 6668/tcp and 6667/tcp
From: "Zimin, Alex" <alex () towerrecords com>
Date: Tue, 11 Feb 2003 10:48:43 -0800
You may have a Trojan(s) installed on these systems. I would run fport from www.foundstone.com to identify processes listening on these ports. Scan system with AV software of your choice (try Kaspersky AV - www.avp.ru) and/or Trojan removal software: The cleaner - http://www.moosoft.com/thecleaner/ Ad-aware - http://www.lavasoft.de Alex.
We are having two NT 4 domain controller servers, PDC & BDC.
Recently I was trying nampwin 1.3.1 and found that out of these servers, PDC has open tcp port on 6667 & 6668 for irc.
Now my question is, why these port are open on PDC? Is there something suspicious? What should I do to find the exact reason?
Current thread:
- RE: irc port open on 6668/tcp and 6667/tcp Nelson, Ernie (Feb 11)
- RE: irc port open on 6668/tcp and 6667/tcp Charles Hamby (Feb 12)
- <Possible follow-ups>
- RE: irc port open on 6668/tcp and 6667/tcp Michael Parker (Feb 12)
- RE: irc port open on 6668/tcp and 6667/tcp Zimin, Alex (Feb 12)
- RE: irc port open on 6668/tcp and 6667/tcp Wolf, Glenn (Feb 12)
- RE: irc port open on 6668/tcp and 6667/tcp Chris Santerre (Feb 13)