Security Basics mailing list archives

RE: irc port open on 6668/tcp and 6667/tcp

From: "Zimin, Alex" <alex () towerrecords com>
Date: Tue, 11 Feb 2003 10:48:43 -0800

You may have a Trojan(s) installed on these systems.
I would run fport from www.foundstone.com to identify processes
listening on these ports.
Scan system with AV software of your choice (try Kaspersky AV -
www.avp.ru)  and/or Trojan removal software:
The cleaner - http://www.moosoft.com/thecleaner/
Ad-aware - http://www.lavasoft.de

Alex.

We are having two NT 4 domain controller servers, PDC
& BDC.

Recently I was trying nampwin 1.3.1 and found that out
of these servers, PDC has open tcp port on 6667 & 6668
for irc.

Now my question is, why these port are open on PDC? Is
there something suspicious? What should I do to find
the exact reason?

Current thread:

RE: irc port open on 6668/tcp and 6667/tcp Nelson, Ernie (Feb 11)
- RE: irc port open on 6668/tcp and 6667/tcp Charles Hamby (Feb 12)
- <Possible follow-ups>
- RE: irc port open on 6668/tcp and 6667/tcp Michael Parker (Feb 12)
- RE: irc port open on 6668/tcp and 6667/tcp Zimin, Alex (Feb 12)
- RE: irc port open on 6668/tcp and 6667/tcp Wolf, Glenn (Feb 12)
- RE: irc port open on 6668/tcp and 6667/tcp Chris Santerre (Feb 13)