RE: Trojan or something ?

  • From: "Jamie A. Byrnes" <jabyrnes@xxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 5 Aug 2003 16:15:12 +0930

Hi Arief,

It would seem strange that a worm was so badly written that it uses
private addresses... I would suspect some misconfigured software myself.

Try running netstat in a dos box to see more info on the strange
connections, or there are more powerful tracing tools if you want to do
a little digging.

You don't have Trend serverprotect by any chance?


-----Original Message-----
From: Arief Kurniawan [mailto:ariefk@xxxxxxxxxxxxxx] 
Sent: Tuesday, 5 August 2003 11:49 AM
To: [ExchangeList]
Subject: [exchangelist] Trojan or something ?

My Exchange 5.5 Server doing some illegal activities. Firewall log shows

that it  tries to connect to some unknown Private Class C IP (While Our 
network is using Private Class A IP addresses) and IP address
of our node). Destination port is 4939, 4940, 4561, 1519 and 1528. Is
normal or some kind of trojan ?


Arief K 

List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
Leading Network Software Directory: No.1 ISA
Server Resource Site: Windows Security Resource
Site: Network Security Library: Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
jabyrnes@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to

Other related posts: