Worm ???

From: Kania (kania@euskalnet.net)
Date: 07/23/01


Message-ID: <003901c1134f$aba44c20$9700a8c0@cumcumber>
From: "Kania" <kania@euskalnet.net>
To: <focus-ms@securityfocus.com>
Subject: Worm ???
Date: Mon, 23 Jul 2001 10:15:28 +0200

I've got a development machine with Win2000 Server connected to the Internet
with a modem... I noticed that a huge amount of packets were being sent...

I did netstat -a and this is the result:

  TCP makinon:http makinon:0 LISTENING
  TCP makinon:epmap makinon:0 LISTENING
  TCP makinon:https makinon:0 LISTENING
  TCP makinon:microsoft-ds makinon:0 LISTENING
  TCP makinon:1025 makinon:0 LISTENING
  TCP makinon:1026 makinon:0 LISTENING
  TCP makinon:1027 makinon:0 LISTENING
  TCP makinon:1030 makinon:0 LISTENING
  TCP makinon:1034 makinon:0 LISTENING
  TCP makinon:1036 makinon:0 LISTENING
  TCP makinon:1043 makinon:0 LISTENING
  TCP makinon:1045 makinon:0 LISTENING
  TCP makinon:1046 makinon:0 LISTENING
  TCP makinon:1047 makinon:0 LISTENING
  TCP makinon:1048 makinon:0 LISTENING
  TCP makinon:1049 makinon:0 LISTENING
  TCP makinon:1051 makinon:0 LISTENING
  TCP makinon:1052 makinon:0 LISTENING
  TCP makinon:1053 makinon:0 LISTENING
  TCP makinon:1054 makinon:0 LISTENING
  TCP makinon:1055 makinon:0 LISTENING
  TCP makinon:1056 makinon:0 LISTENING
  TCP makinon:1058 makinon:0 LISTENING
  TCP makinon:1059 makinon:0 LISTENING
  TCP makinon:1060 makinon:0 LISTENING
  TCP makinon:1061 makinon:0 LISTENING
  TCP makinon:1062 makinon:0 LISTENING
  TCP makinon:1064 makinon:0 LISTENING
  TCP makinon:1065 makinon:0 LISTENING
  TCP makinon:1066 makinon:0 LISTENING
  TCP makinon:1067 makinon:0 LISTENING
  TCP makinon:1068 makinon:0 LISTENING
  TCP makinon:1069 makinon:0 LISTENING
  TCP makinon:1071 makinon:0 LISTENING
  TCP makinon:1072 makinon:0 LISTENING
  TCP makinon:1073 makinon:0 LISTENING
  TCP makinon:1074 makinon:0 LISTENING
  TCP makinon:1075 makinon:0 LISTENING
  TCP makinon:1076 makinon:0 LISTENING
  TCP makinon:1077 makinon:0 LISTENING
  TCP makinon:1078 makinon:0 LISTENING
  TCP makinon:1079 makinon:0 LISTENING
  TCP makinon:1080 makinon:0 LISTENING
  TCP makinon:1081 makinon:0 LISTENING
  TCP makinon:1082 makinon:0 LISTENING
  TCP makinon:1084 makinon:0 LISTENING
  TCP makinon:1085 makinon:0 LISTENING
  TCP makinon:1086 makinon:0 LISTENING
  TCP makinon:1087 makinon:0 LISTENING
  TCP makinon:1088 makinon:0 LISTENING
  TCP makinon:1089 makinon:0 LISTENING
  TCP makinon:1091 makinon:0 LISTENING
  TCP makinon:1092 makinon:0 LISTENING
  TCP makinon:1093 makinon:0 LISTENING
  TCP makinon:1094 makinon:0 LISTENING
  TCP makinon:1095 makinon:0 LISTENING
  TCP makinon:1097 makinon:0 LISTENING
  TCP makinon:1098 makinon:0 LISTENING
  TCP makinon:1099 makinon:0 LISTENING
  TCP makinon:1100 makinon:0 LISTENING
  TCP makinon:1101 makinon:0 LISTENING
  TCP makinon:1102 makinon:0 LISTENING
  TCP makinon:1104 makinon:0 LISTENING
  TCP makinon:1105 makinon:0 LISTENING
  TCP makinon:1106 makinon:0 LISTENING
  TCP makinon:1107 makinon:0 LISTENING
  TCP makinon:1108 makinon:0 LISTENING
  TCP makinon:1110 makinon:0 LISTENING
  TCP makinon:1111 makinon:0 LISTENING
  TCP makinon:1112 makinon:0 LISTENING
  TCP makinon:1113 makinon:0 LISTENING
  TCP makinon:1114 makinon:0 LISTENING
  TCP makinon:1115 makinon:0 LISTENING
  TCP makinon:1117 makinon:0 LISTENING
  TCP makinon:1118 makinon:0 LISTENING
  TCP makinon:1119 makinon:0 LISTENING
  TCP makinon:1120 makinon:0 LISTENING
  TCP makinon:1121 makinon:0 LISTENING
  TCP makinon:1122 makinon:0 LISTENING
  TCP makinon:1123 makinon:0 LISTENING
  TCP makinon:1124 makinon:0 LISTENING
  TCP makinon:1125 makinon:0 LISTENING
  TCP makinon:1126 makinon:0 LISTENING
  TCP makinon:1127 makinon:0 LISTENING
  TCP makinon:1128 makinon:0 LISTENING
  TCP makinon:1129 makinon:0 LISTENING
  TCP makinon:1131 makinon:0 LISTENING
  TCP makinon:1132 makinon:0 LISTENING
  TCP makinon:1133 makinon:0 LISTENING
  TCP makinon:1134 makinon:0 LISTENING
  TCP makinon:1135 makinon:0 LISTENING
  TCP makinon:1136 makinon:0 LISTENING
  TCP makinon:1137 makinon:0 LISTENING
  TCP makinon:1138 makinon:0 LISTENING
  TCP makinon:1139 makinon:0 LISTENING
  TCP makinon:1140 makinon:0 LISTENING
  TCP makinon:1141 makinon:0 LISTENING
  TCP makinon:1142 makinon:0 LISTENING
  TCP makinon:1144 makinon:0 LISTENING
  TCP makinon:1145 makinon:0 LISTENING
  TCP makinon:1146 makinon:0 LISTENING
  TCP makinon:1147 makinon:0 LISTENING
  TCP makinon:1148 makinon:0 LISTENING
  TCP makinon:1149 makinon:0 LISTENING
  TCP makinon:1151 makinon:0 LISTENING
  TCP makinon:1152 makinon:0 LISTENING
  TCP makinon:1153 makinon:0 LISTENING
  TCP makinon:1155 makinon:0 LISTENING
  TCP makinon:1156 makinon:0 LISTENING
  TCP makinon:1157 makinon:0 LISTENING
  TCP makinon:1158 makinon:0 LISTENING
  TCP makinon:1159 makinon:0 LISTENING
  TCP makinon:1160 makinon:0 LISTENING
  TCP makinon:1161 makinon:0 LISTENING
  TCP makinon:1162 makinon:0 LISTENING
  TCP makinon:1163 makinon:0 LISTENING
  TCP makinon:1164 makinon:0 LISTENING
  TCP makinon:1165 makinon:0 LISTENING
  TCP makinon:1166 makinon:0 LISTENING
  TCP makinon:1167 makinon:0 LISTENING
  TCP makinon:1169 makinon:0 LISTENING
  TCP makinon:1170 makinon:0 LISTENING
  TCP makinon:1171 makinon:0 LISTENING
  TCP makinon:1172 makinon:0 LISTENING
  TCP makinon:1173 makinon:0 LISTENING
  TCP makinon:3372 makinon:0 LISTENING
  TCP makinon:4140 makinon:0 LISTENING
  TCP makinon:http 216.86.32.9:3117 CLOSE_WAIT
  TCP makinon:1032 galcott.com:http TIME_WAIT
  TCP makinon:1034 uweb.syd.optusnet.com.au:http LAST_ACK
  TCP makinon:1036 codeavionics.com:http ESTABLISHED
  TCP makinon:1043 141.210.10.117:ftp ESTABLISHED
  TCP makinon:1045 35.26.36.142:http ESTABLISHED
  TCP makinon:1046 74.171.153.201:http ESTABLISHED
  TCP makinon:1047 113.60.15.5:http ESTABLISHED
  TCP makinon:1048 152.205.132.64:http ESTABLISHED
  TCP makinon:1049 191.94.250.123:http ESTABLISHED
  TCP makinon:1051 13.129.91.11:http ESTABLISHED
  TCP makinon:1052 52.18.209.70:http ESTABLISHED
  TCP makinon:1053 91.163.70.130:http ESTABLISHED
  TCP makinon:1054 130.52.188.189:http ESTABLISHED
  TCP makinon:1055 169.197.49.249:http ESTABLISHED
  TCP makinon:1056 208.86.167.52:http LAST_ACK
  TCP makinon:1058 30.121.146.171:http LAST_ACK
  TCP makinon:1059 69.10.8.231:http LAST_ACK
  TCP makinon:1060 108.155.125.34:http LAST_ACK
  TCP makinon:1062 186.189.104.153:http ESTABLISHED
  TCP makinon:1064 8.224.201.40:http ESTABLISHED
  TCP makinon:1066 86.2.181.159:http ESTABLISHED
  TCP makinon:1067 125.147.42.219:http ESTABLISHED
  TCP makinon:1068 164.36.160.22:http ESTABLISHED
  TCP makinon:1069 203.181.21.82:http ESTABLISHED
  TCP makinon:1071 25.216.0.201:http ESTABLISHED
  TCP makinon:1072 64.105.118.4:http LAST_ACK
  TCP makinon:1073 103.250.235.63:http ESTABLISHED
  TCP makinon:1074 142.139.97.123:http ESTABLISHED
  TCP makinon:1075 181.28.215.182:http ESTABLISHED
  TCP makinon:1076 220.173.76.242:http LAST_ACK
  TCP makinon:1077 3.63.194.45:http ESTABLISHED
  TCP makinon:1078 42.208.55.105:http ESTABLISHED
  TCP makinon:1079 81.97.173.164:http ESTABLISHED
  TCP makinon:1080 120.242.34.224:http ESTABLISHED
  TCP makinon:1081 159.131.152.27:http ESTABLISHED
  TCP makinon:1082 198.20.14.87:http ESTABLISHED
  TCP makinon:1084 20.55.111.230:http ESTABLISHED
  TCP makinon:1085 59.200.228.33:http ESTABLISHED
  TCP makinon:1086 98.89.90.93:http ESTABLISHED
  TCP makinon:1087 137.234.207.152:http ESTABLISHED
  TCP makinon:1088 176.123.69.212:http ESTABLISHED
  TCP makinon:1089 215.12.187.15:http ESTABLISHED
  TCP makinon:1091 37.47.166.134:http ESTABLISHED
  TCP makinon:1092 76.192.27.194:http ESTABLISHED
  TCP makinon:1093 115.81.145.253:http ESTABLISHED
  TCP makinon:1094 154.226.6.57:http ESTABLISHED
  TCP makinon:1095 193.115.124.116:http ESTABLISHED
  TCP makinon:1097 15.150.103.235:http ESTABLISHED
  TCP makinon:1098 54.39.221.38:http ESTABLISHED
  TCP makinon:1099 93.184.82.98:http ESTABLISHED
  TCP makinon:1100 132.73.200.157:http ESTABLISHED
  TCP makinon:1101 171.218.61.217:http ESTABLISHED
  TCP makinon:1102 210.107.179.20:http ESTABLISHED
  TCP makinon:1104 32.142.158.139:http ESTABLISHED
  TCP makinon:1105 71.31.20.199:http ESTABLISHED
  TCP makinon:1106 110.176.255.26:http ESTABLISHED
  TCP makinon:1107 149.65.117.86:http ESTABLISHED
  TCP makinon:1108 188.210.234.145:http ESTABLISHED
  TCP makinon:1110 10.245.213.8:http ESTABLISHED
  TCP makinon:1111 49.134.75.68:http ESTABLISHED
  TCP makinon:1112 88.23.193.127:http ESTABLISHED
  TCP makinon:1113 40.182.56.187:http ESTABLISHED
  TCP makinon:1114 166.57.172.246:http LAST_ACK
  TCP makinon:1115 205.202.33.50:http ESTABLISHED
  TCP makinon:1117 27.237.12.169:http ESTABLISHED
  TCP makinon:1118 66.126.130.228:http ESTABLISHED
  TCP makinon:1119 105.15.248.31:http ESTABLISHED
  TCP makinon:1120 144.160.109.91:http ESTABLISHED
  TCP makinon:1121 183.49.227.150:http ESTABLISHED
  TCP makinon:1122 222.194.88.210:http LAST_ACK
  TCP makinon:1123 5.84.206.13:http ESTABLISHED
  TCP makinon:1124 44.229.67.73:http ESTABLISHED
  TCP makinon:1125 83.118.47.157:http ESTABLISHED
  TCP makinon:1126 57.104.20.196:http ESTABLISHED
  TCP makinon:1127 122.7.165.216:http ESTABLISHED
  TCP makinon:1128 161.152.26.20:http ESTABLISHED
  TCP makinon:1129 200.41.144.79:http ESTABLISHED
  TCP makinon:1131 22.76.123.198:http LAST_ACK
  TCP makinon:1132 61.221.240.1:http ESTABLISHED
  TCP makinon:1133 100.110.102.61:http ESTABLISHED
  TCP makinon:1134 139.255.219.120:http ESTABLISHED
  TCP makinon:1135 178.144.81.180:http ESTABLISHED
  TCP makinon:1136 217.33.199.239:http ESTABLISHED
  TCP makinon:1137 0.179.60.43:http ESTABLISHED
  TCP makinon:1138 39.68.178.102:http ESTABLISHED
  TCP makinon:1139 78.213.39.162:http ESTABLISHED
  TCP makinon:1140 117.102.157.221:http ESTABLISHED
  TCP makinon:1141 156.247.18.25:http ESTABLISHED
  TCP makinon:1142 195.136.136.84:http ESTABLISHED
  TCP makinon:1144 17.171.115.203:http ESTABLISHED
  TCP makinon:1145 201.68.51.228:http ESTABLISHED
  TCP makinon:1146 58.224.4.214:http ESTABLISHED
  TCP makinon:1147 135.140.185.80:http ESTABLISHED
  TCP makinon:1148 171.123.214.199:http LAST_ACK
  TCP makinon:1149 28.23.208.154:http ESTABLISHED
  TCP makinon:1151 207.106.243.62:http ESTABLISHED
  TCP makinon:1152 141.178.161.140:http ESTABLISHED
  TCP makinon:1153 64.6.237.17:http LAST_ACK
  TCP makinon:1155 177.161.190.3:http ESTABLISHED
  TCP makinon:1156 34.61.144.245:http ESTABLISHED
  TCP makinon:1157 147.216.137.200:http ESTABLISHED
  TCP makinon:1158 189.211.16.73:http ESTABLISHED
  TCP makinon:1159 207.122.53.32:http ESTABLISHED
  TCP makinon:1160 81.145.71.248:http SYN_SENT
  TCP makinon:1161 92.133.126.132:http SYN_SENT
  TCP makinon:1162 165.218.228.184:http SYN_SENT
  TCP makinon:1163 3.161.4.30:http SYN_SENT
  TCP makinon:1164 171.0.237.218:http SYN_SENT
  TCP makinon:1165 107.3.22.3:http SYN_SENT
  TCP makinon:1166 209.164.48.6:http SYN_SENT
  TCP makinon:1167 163.25.165.51:http SYN_SENT
  TCP makinon:1169 33.187.157.109:http SYN_SENT
  TCP makinon:1170 7.37.34.60:http SYN_SENT
  TCP makinon:1171 203.2.75.30:http SYN_SENT
  TCP makinon:1172 183.39.214.243:http SYN_SENT
  TCP makinon:1173 74.222.225.56:http SYN_SENT
  TCP makinon:netbios-ssn makinon:0 LISTENING
  TCP makinon:1037 JUMBOTRON:netbios-ssn TIME_WAIT
  UDP makinon:epmap *:*
  UDP makinon:microsoft-ds *:*
  UDP makinon:1028 *:*
  UDP makinon:3456 *:*
  UDP makinon:netbios-ns *:*
  UDP makinon:netbios-dgm *:*
  UDP makinon:isakmp *:*
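
An added example, not part of the original post: a Python triage helper that reads saved `netstat -a` output in the layout shown above and summarises client-side connections to one remote service by TCP state and distinct remote host. The sample rows are constructed (documentation addresses), and the function names and the `threshold` value are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same `netstat -a` layout as the post.
SAMPLE = """\
  TCP makinon:http makinon:0 LISTENING
  TCP makinon:1025 makinon:0 LISTENING
  TCP makinon:http 192.0.2.9:3117 CLOSE_WAIT
  TCP makinon:1036 198.51.100.7:http ESTABLISHED
  TCP makinon:1043 198.51.100.8:ftp ESTABLISHED
  TCP makinon:1045 203.0.113.1:http ESTABLISHED
  TCP makinon:1046 203.0.113.2:80 LAST_ACK
  TCP makinon:1047 203.0.113.3:http SYN_SENT
  TCP makinon:1048 203.0.113.4:http SYN_SENT
  UDP makinon:epmap *:*
"""

# proto, local host:port, remote host:port, state (UDP rows carry no state)
LINE = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)\s*$")


def parse(text):
    """Yield (local_port, remote_host, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            _, lport, rhost, rport, state = m.groups()
            yield lport, rhost, rport, state


def outbound_fanout(text, service=("http", "80"), threshold=4):
    """Summarise connections this host opened to one remote service.

    A row counts as outbound when the local port is numeric (ephemeral)
    and the remote port is the service. Without `-n`, netstat prints a
    name for well-known local ports, so named local ports are treated as
    the server side and skipped. `threshold` is an assumed cut-off.
    """
    states, hosts = Counter(), set()
    for lport, rhost, rport, state in parse(text):
        if state == "LISTENING" or rport not in service:
            continue
        if not lport.isdigit():
            continue
        states[state] += 1
        hosts.add(rhost)
    return {"hosts": len(hosts), "states": dict(states),
            "suspicious": len(hosts) >= threshold}


if __name__ == "__main__":
    print(outbound_fanout(SAMPLE))
```

Many distinct remote hosts on the same service port, with a tail of `SYN_SENT` rows, is the pattern worth escalating on a machine that is not expected to act as a web client.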


