RE: Trojan or something ?

  • From: "Jamie A. Byrnes" <jabyrnes@xxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 5 Aug 2003 16:15:12 +0930

Hi Arief,

It would seem strange that a worm was so badly written that it uses
private addresses... I would suspect some misconfigured software myself.

Try running netstat in a dos box to see more info on the strange
connections, or there are more powerful tracing tools if you want to do
a little digging.

You don't have Trend serverprotect by any chance?


Jamie.


-----Original Message-----
From: Arief Kurniawan [mailto:ariefk@xxxxxxxxxxxxxx] 
Sent: Tuesday, 5 August 2003 11:49 AM
To: [ExchangeList]
Subject: [exchangelist] Trojan or something ?


http://www.MSExchange.org/

My Exchange 5.5 Server doing some illegal activities. Firewall log shows

that it  tries to connect to some unknown Private Class C IP (While Our 
network is using Private Class A IP addresses) and IP address 3.0.0.2
(none 
of our node). Destination port is 4939, 4940, 4561, 1519 and 1528. Is
this 
normal or some kind of trojan ?

Regards,

Arief K 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 ISA
Server Resource Site: http://www.isaserver.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
jabyrnes@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


Other related posts: