RE: SYN_SENT to port 8081

From: Brian Glover (brian_at_centurionservice.com)
Date: 02/27/04

Next message: esardanons_at_presencia.net: "Re: Log Question"

Previous message: Miroslaw Slawek Chorazy: "Re: Log Question"
Maybe in reply to: Ted LeRoy: "SYN_SENT to port 8081"
Next in thread: Jacob Bresciani: "Re: SYN_SENT to port 8081"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 27 Feb 2004 13:06:59 -0600
To: "Ted LeRoy" <tleroy@rochester.rr.com>, <focus-ms@securityfocus.com>

Ted-

You could narrow it down to the application utilizing the outgoing port
with Fport from Foundstone:
http://www.foundstone.com/resources/proddesc/fport.htm

Regards,
Brian Glover

-----Original Message-----
From: Ted LeRoy [mailto:tleroy@rochester.rr.com]
Sent: Friday, February 27, 2004 11:23 AM
To: focus-ms@securityfocus.com
Subject: SYN_SENT to port 8081

Hello,
I have a Windows 98 Second Edition machine that's consistently
sending SYN_SENT packets to 64.186.152.176:8081. I've run a full virus
scan, and run spybot search & destroy, but the transmission is still
happening. I have not done all Windows 98 updates yet, and am in the
process of doing so.
Below is a copy of the output from a netstat -a:

Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1999.

C:\WINDOWS\Desktop>netstat -a

Active Connections

  Proto Local Address Foreign Address State
  TCP fns010:1032 FNS010:0 LISTENING
  TCP fns010:42510 FNS010:0 LISTENING
  TCP fns010:1026 FNS010:0 LISTENING
  TCP fns010:1025 FNS010:0 LISTENING
  TCP fns010:1025 ROCHBDC:nbsession ESTABLISHED
  TCP fns010:1029 FNS010:0 LISTENING
  TCP fns010:1032 64.186.152.176:8081 SYN_SENT
  TCP fns010:42508 FNS010:0 LISTENING
  TCP fns010:137 FNS010:0 LISTENING
  TCP fns010:138 FNS010:0 LISTENING
  TCP fns010:nbsession FNS010:0 LISTENING
  UDP fns010:42508 *:*
  UDP fns010:nbname *:*
  UDP fns010:nbdatagram *:*

Google and Microsoft searches have yielded little. Does anyone out
there know of an attack that evades Spybot and CA Anti-Virus, and
exhibits the characteristics above?

Sincerely,

Ted LeRoy
MCSE(NT/2000), CCNA, A+

------------------------------------------------------------------------

---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: esardanons_at_presencia.net: "Re: Log Question"

Previous message: Miroslaw Slawek Chorazy: "Re: Log Question"
Maybe in reply to: Ted LeRoy: "SYN_SENT to port 8081"
Next in thread: Jacob Bresciani: "Re: SYN_SENT to port 8081"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]