RE: Security problem in installation IE sp1 ?
From: Wolf, Glenn (glenn.wolf@we-inc.com)Date: 10/18/02
- Previous message: Melt Man: "unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr["
- Maybe in reply to: Honza.K: "Security problem in installation IE sp1 ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Wolf, Glenn" <glenn.wolf@we-inc.com> To: bugtraq@securityfocus.com Date: Fri, 18 Oct 2002 09:38:31 -0700
That host is in Korea (note the port 25 banner time is also in KST).
APNIC only shows it as being owned by "Korea Network Information Center."
Use fport to verify this is really being initiated by ie6setup.exe.
Strange... but remember, anything is possible.....
-----Original Message-----
From: Honza.K [mailto:honza.dforum@seznam.cz]
Sent: Thursday, October 17, 2002 1:11 AM
To: bugtraq@securityfocus.com
Cc: incidents@securityfocus.com
Subject: Security problem in installation IE sp1 ?
Hello all
i found very strange thing when i install Internet Explorer SP1.
I'm download from www.microsoft.com/downloads/
ie6setup.exe install program. After download and start this program,
install wizard start automatic download. I'm looking on the Firewall
and ie6wzd.exe have open connection to any 62.54.250.120 server.
Downloading was slowly and i haven't time. So i stop automatic
installation. That is ok. But install program show message about
canceling with messege (you must wait several minute .. bla bla.)
I'm looking on my firewall again and i found very strange thing:
program ie6setup.exe have open connection to IP 210.117.67.218 and
port 8080 (probably any proxy).
what is it ?
i open scan to this machine :
* + 210.117.67.218 [Unknown]
|___ 23 Telnet
|___ ........#..'..$
|___ 25 Simple Mail Transfer
|___ 220 icache8 ESMTP Sendmail 8.11.6+Sun/8.11.6; Thu, 17
Oct 2002 17:11:14 +0900 (KST)..
|___ 80 World Wide Web HTTP
|___ 111 SUN Remote Procedure Call
|___ 1720 h323hostcall
|___ 8080 Standard HTTP Proxy
This is computer/server with os Sun 5.7 ?. Microsoft and SUN ?
This isn't posible
Program no. Name Version Protocol Port
(100000) portmapper 4 TCP 111
(100000) portmapper 3 TCP 222
(100000) portmapper 2 TCP 333
(100000) portmapper 4 UDP 444
(100000) portmapper 3 UDP 555
(100000) portmapper 2 UDP 666
(100021) nlockmgr 1 UDP 4045
(100021) nlockmgr 2 UDP 4045
(100021) nlockmgr 3 UDP 4045
(100021) nlockmgr 4 UDP 4045
(100024) status 1 UDP 32773
(100024) status 1 TCP 32771
(100389) 1 UDP 32773
(100389) 1 TCP 32771
(100021) nlockmgr 1 TCP 4045
(100021) nlockmgr 2 TCP 4045
(100021) nlockmgr 3 TCP 4045
(100021) nlockmgr 4 TCP 4045
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Melt Man: "unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr["
- Maybe in reply to: Honza.K: "Security problem in installation IE sp1 ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
