SYN_SENT to port 8081

From: Ted LeRoy (tleroy_at_rochester.rr.com)
Date: 02/27/04

Next message: Sean Warnock: "Log Question"

Previous message: Thompson, Jimi: "RE: Preventing OS Detection"
Next in thread: Brian Glover: "RE: SYN_SENT to port 8081"
Maybe reply: Brian Glover: "RE: SYN_SENT to port 8081"
Reply: Jacob Bresciani: "Re: SYN_SENT to port 8081"
Maybe reply: tleroy_at_rochester.rr.com: "RE: SYN_SENT to port 8081"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 27 Feb 2004 17:23:23 -0000
To: focus-ms@securityfocus.com

('binary' encoding is not supported, stored as-is)

Hello,
I have a Windows 98 Second Edition machine that's consistently sending SYN_SENT packets to 64.186.152.176:8081. I've run a full virus scan, and run spybot search & destroy, but the transmission is still happening. I have not done all Windows 98 updates yet, and am in the process of doing so.
Below is a copy of the output from a netstat -a:

Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1999.

C:\WINDOWS\Desktop>netstat -a

Active Connections

  Proto Local Address Foreign Address State
  TCP fns010:1032 FNS010:0 LISTENING
  TCP fns010:42510 FNS010:0 LISTENING
  TCP fns010:1026 FNS010:0 LISTENING
  TCP fns010:1025 FNS010:0 LISTENING
  TCP fns010:1025 ROCHBDC:nbsession ESTABLISHED
  TCP fns010:1029 FNS010:0 LISTENING
  TCP fns010:1032 64.186.152.176:8081 SYN_SENT
  TCP fns010:42508 FNS010:0 LISTENING
  TCP fns010:137 FNS010:0 LISTENING
  TCP fns010:138 FNS010:0 LISTENING
  TCP fns010:nbsession FNS010:0 LISTENING
  UDP fns010:42508 *:*
  UDP fns010:nbname *:*
  UDP fns010:nbdatagram *:*

Google and Microsoft searches have yielded little. Does anyone out there know of an attack that evades Spybot and CA Anti-Virus, and exhibits the characteristics above?

Sincerely,

Ted LeRoy
MCSE(NT/2000), CCNA, A+

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: Sean Warnock: "Log Question"

Previous message: Thompson, Jimi: "RE: Preventing OS Detection"
Next in thread: Brian Glover: "RE: SYN_SENT to port 8081"
Maybe reply: Brian Glover: "RE: SYN_SENT to port 8081"
Reply: Jacob Bresciani: "Re: SYN_SENT to port 8081"
Maybe reply: tleroy_at_rochester.rr.com: "RE: SYN_SENT to port 8081"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Apples poor positioning for the age *after* x86
... >> I'd be interested to know what products, other than Windows and Office, ... Microsoft is actually working *against* the long-term ... >>> Google will blow it somehow, and they can pick up the pieces. ... Apple and Netware managed to screw everything up completely. ...
(comp.sys.mac.advocacy)
Re: Apples poor positioning for the age *after* x86
... Microsoft executed on their traditional model: ... >> Google Local and Froogle, ... The Mac toolbox was written with fairly ludicrous constraints. ... You will probably never admit that Microsoft's Windows products ...
(comp.sys.mac.advocacy)
Re: OE Is Deleting My NG Headers
... which is the core business of Microsoft. ... Assuming you really want to use Google. ... Search tools routinely search your desktop or online resources or both. ... Windows Explorer works with your computer's file system; ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: OE Is Deleting My NG Headers
... Word, Google Spreadsheet to compete with Excel, Google Calendar to compete ... which is the core business of Microsoft. ... Windows, just as Windows once supplemented but then eventually replaced DOS). ... In the event that my Internet connection dies (and ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Time Warners AOL May Dump Google Search Engine, Use Microsoft
... Time Warner's AOL May Dump Google Search Engine, Use Microsoft ... Time Warner Chief Executive Richard Parsons said this week he is ...
(alt.internet.search-engines)