Re: SYN_SENT to port 8081
From: Jacob Bresciani (jbresc_at_ee.ualberta.ca)
Date: 02/27/04
- Previous message: focus-ms_at_securityfocus.com: "Hardware devices price-list"
- In reply to: Ted LeRoy: "SYN_SENT to port 8081"
- Next in thread: tleroy_at_rochester.rr.com: "RE: SYN_SENT to port 8081"
Date: Fri, 27 Feb 2004 14:18:17 -0700 (MST)
To: Ted LeRoy <tleroy@rochester.rr.com>
Anything strange in the standard startup locations?
start/programs/startup
win.ini/system.ini
autoexec.bat
HKLM/software/microsoft/windows/current version/run
HKLM/software/microsoft/windows/current version/run once
HKLM/software/microsoft/windows/current version/run services
HKLM/software/microsoft/windows/current version/run services once
On 27 Feb 2004, Ted LeRoy wrote:
>
>
> Hello,
> I have a Windows 98 Second Edition machine that's consistently sending SYN_SENT packets to 64.186.152.176:8081. I've run a full virus scan, and run spybot search & destroy, but the transmission is still happening. I have not done all Windows 98 updates yet, and am in the process of doing so.
> Below is a copy of the output from a netstat -a:
>
> Microsoft(R) Windows 98
> (C)Copyright Microsoft Corp 1981-1999.
>
> C:\WINDOWS\Desktop>netstat -a
>
> Active Connections
>
> Proto Local Address Foreign Address State
> TCP fns010:1032 FNS010:0 LISTENING
> TCP fns010:42510 FNS010:0 LISTENING
> TCP fns010:1026 FNS010:0 LISTENING
> TCP fns010:1025 FNS010:0 LISTENING
> TCP fns010:1025 ROCHBDC:nbsession ESTABLISHED
> TCP fns010:1029 FNS010:0 LISTENING
> TCP fns010:1032 64.186.152.176:8081 SYN_SENT
> TCP fns010:42508 FNS010:0 LISTENING
> TCP fns010:137 FNS010:0 LISTENING
> TCP fns010:138 FNS010:0 LISTENING
> TCP fns010:nbsession FNS010:0 LISTENING
> UDP fns010:42508 *:*
> UDP fns010:nbname *:*
> UDP fns010:nbdatagram *:*
>
> Google and Microsoft searches have yielded little. Does anyone out there know of an attack that evades Spybot and CA Anti-Virus, and exhibits the characteristics above?
>
> Sincerely,
>
> Ted LeRoy
> MCSE(NT/2000), CCNA, A+
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
>
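
One way to triage `netstat -a` output like the capture quoted above, as an added example that is not part of the original thread: it parses the TCP rows, picks out those stuck in SYN_SENT to a remote host, and reports destinations that recur across several captures. The second and third snapshots and the 192.0.2.10 row are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import Counter

# One TCP row of Windows `netstat -a`: proto, local host:port, foreign host:port, state.
ROW = re.compile(r"^TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)$", re.IGNORECASE)

def parse_netstat(text):
    """Return (local_host, local_port, remote_host, remote_port, state) per TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.lstrip("> ").rstrip())  # tolerate e-mail '>' quoting
        if m:
            rows.append(m.groups())
    return rows

def half_open(rows):
    """Outbound attempts still waiting for a SYN-ACK: (remote_host, remote_port, local_port)."""
    return [(rh, rp, lp) for lh, lp, rh, rp, state in rows
            if state.upper() == "SYN_SENT" and rh.lower() != lh.lower()]

def persistent_targets(snapshots, min_hits=2):
    """Remote endpoints found in SYN_SENT in at least min_hits separate captures."""
    hits = Counter()
    for text in snapshots:
        hits.update({(rh, rp) for rh, rp, _ in half_open(parse_netstat(text))})
    return sorted(ep for ep, n in hits.items() if n >= min_hits)

# First capture: rows taken from the quoted message. The other two are constructed
# sample data (new ephemeral local ports, plus one unrelated one-off attempt).
SNAPSHOTS = [
    """> TCP fns010:1025 ROCHBDC:nbsession ESTABLISHED
> TCP fns010:1032 64.186.152.176:8081 SYN_SENT
> TCP fns010:137 FNS010:0 LISTENING
> UDP fns010:nbname *:*""",
    """TCP fns010:1041 64.186.152.176:8081 SYN_SENT
TCP fns010:1042 192.0.2.10:80 SYN_SENT""",
    """TCP fns010:1057 64.186.152.176:8081 SYN_SENT
TCP fns010:137 FNS010:0 LISTENING""",
]

if __name__ == "__main__":
    for host, port in persistent_targets(SNAPSHOTS):
        print(f"recurring half-open connection to {host}:{port}")
```

A destination that stays in SYN_SENT across captures while the local port keeps changing points to a local process retrying the connection, which is what the startup-location check is meant to track down.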