Security Incidents mailing list archives
Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028
From: H C <keydet89 () yahoo com>
Date: Wed, 5 Mar 2003 09:59:22 -0800 (PST)
I'm not entirely sure what you mean by "foreign address listening to ports..."...netstat shows you what the local machine is listening on, and which endpoints the foreign addresses are connected to. Have you tried running Foundstone's fport yet?
Running netstat -a , I found a foreign address "GirlNextDoor_" listening to ports TCP 1025/1028. Can someone explain me what is going on thisdesktop ?It's a Win2k/SP2 workstation with Mcafee antivirusandZoneAlarm. Also, can you explain me the second set of connections, foreign address "*:*" ? Thanks for your help, Sal.
-------------------------------------------------------
Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:\>netstat -a Active Connections Proto Local Address Foreign AddressState TCP p4win2k:epmap Girlnextdoor_:0LISTENING TCP p4win2k:microsoft-ds Girlnextdoor_:0LISTENING TCP p4win2k:1025 Girlnextdoor_:0LISTENING TCP p4win2k:1028 Girlnextdoor_:0LISTENING TCP p4win2k:netbios-ssn Girlnextdoor_:0LISTENING UDP p4win2k:epmap *:* UDP p4win2k:microsoft-ds *:* UDP p4win2k:1027 *:* UDP p4win2k:1030 *:* UDP p4win2k:netbios-ns *:* UDP p4win2k:netbios-dgm *:* UDP p4win2k:isakmp *:* C:\>
-------------------------------------------------------
__________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/
----------------------------------------------------------------------------
<Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure BorderGuard.</Pre><Ahref="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>-- The Virgin BOFH... Linux Registered User #288905 Public GnuPG Key B760A432 available at http://www.ines.ro/public_keys/jay.gpg
ATTACHMENT part 2 application/pgp-signature
name=signature.asc __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Salomao Barguil (Mar 04)
- Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Alexandru Balan (Mar 05)
- RE: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Robert (Mar 05)
- Solved !! "Girlnextdoor_" TCP Ports 1025/1028 Salomao Barguil (Mar 07)
- Re: Solved !! "Girlnextdoor_" TCP Ports 1025/1028 Nikunj Virani (Mar 10)
- Re: Solved !! "Girlnextdoor_" TCP Ports 1025/1028 Harlan Carvey (Mar 10)
- RE: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Robert (Mar 05)
- Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Alexandru Balan (Mar 05)
- Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 H C (Mar 05)
- Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Robbert Helling (Mar 06)
- Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Harlan Carvey (Mar 07)
- <Possible follow-ups>
- Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Kevin Patz (Mar 05)