Re: Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028

From: Alexandru Balan (Jay@iNES.RO)
Date: 03/05/03

    From: Alexandru Balan <Jay@iNES.RO>
    To: Salomao Barguil <barguil@yahoo.com>
    Date: 05 Mar 2003 11:50:53 +0200
    
    
    

    Check what you have set as nameserver. girlnextdoor_ might be either a
    result of DNS poisoning or just someone in your network connected to
    your machine's services. The weird part would be that the remote port is
    0. Did you know that you have _all_ of those services running?

    On Fri, 2003-02-28 at 02:40, Salomao Barguil wrote:
    > Hi,
    >
    > Running netstat -a, I found a foreign address
    > "GirlNextDoor_" listening to ports TCP 1025/1028.
    >
    > Can someone explain to me what is going on on this desktop?
    >
    > It's a Win2k/SP2 workstation with McAfee antivirus and
    > ZoneAlarm.
    >
    > Also, can you explain to me the second set of
    > connections, foreign address "*:*"?
    >
    > Thanks for your help,
    > Sal.
    >
    > -------------------------------------------------------
    > Microsoft Windows 2000 [Version 5.00.2195]
    > (C) Copyright 1985-2000 Microsoft Corp.
    >
    > C:\>netstat -a
    >
    > Active Connections
    >
    >   Proto  Local Address          Foreign Address    State
    >   TCP    p4win2k:epmap          Girlnextdoor_:0    LISTENING
    >   TCP    p4win2k:microsoft-ds   Girlnextdoor_:0    LISTENING
    >   TCP    p4win2k:1025           Girlnextdoor_:0    LISTENING
    >   TCP    p4win2k:1028           Girlnextdoor_:0    LISTENING
    >   TCP    p4win2k:netbios-ssn    Girlnextdoor_:0    LISTENING
    >   UDP    p4win2k:epmap          *:*
    >   UDP    p4win2k:microsoft-ds   *:*
    >   UDP    p4win2k:1027           *:*
    >   UDP    p4win2k:1030           *:*
    >   UDP    p4win2k:netbios-ns     *:*
    >   UDP    p4win2k:netbios-dgm    *:*
    >   UDP    p4win2k:isakmp         *:*
    >
    > C:\>
    > -------------------------------------------------------

    -- 
    The Virgin BOFH...
    Linux Registered User #288905
    Public GnuPG Key B760A432 available at
    http://www.ines.ro/public_keys/jay.gpg
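
A way to triage output like the one quoted above, as an added example that is not part of the original message: it separates rows that name a real remote peer from listeners and UDP endpoints, where a LISTENING state or a remote port of 0 means nothing is connected and the Foreign Address name is only a placeholder. The sample is constructed from the quoted rows plus one invented ESTABLISHED row; the function names are hypothetical.

```python
import re

# Constructed sample: rows from the quoted netstat -a output, plus one
# invented ESTABLISHED row (192.0.2.10 is a documentation address).
SAMPLE = """\
Proto  Local Address          Foreign Address    State
TCP    p4win2k:epmap          Girlnextdoor_:0    LISTENING
TCP    p4win2k:1025           Girlnextdoor_:0    LISTENING
TCP    p4win2k:1028           Girlnextdoor_:0    LISTENING
TCP    p4win2k:1026           192.0.2.10:445     ESTABLISHED
UDP    p4win2k:isakmp         *:*
"""

# proto, local endpoint, foreign endpoint, optional state (UDP rows have none)
ROW = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' at the last colon; port may be a service name."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def classify(text):
    """Return (proto, local_port, kind, peer) for every socket row.

    kind is 'listener' (bound socket, no peer), 'udp-endpoint'
    (connectionless, no peer) or 'connection' (a real remote peer).
    """
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, prompt, or a wrapped State line
        proto, local, foreign, state = m.groups()
        _, lport = split_endpoint(local)
        _, fport = split_endpoint(foreign)
        if proto == "UDP":
            kind, peer = "udp-endpoint", None
        elif state == "LISTENING" or fport == "0":
            # Remote port 0 is not a usable peer port: nothing is connected.
            kind, peer = "listener", None
        else:
            kind, peer = "connection", foreign
        rows.append((proto, lport, kind, peer))
    return rows

def remote_peers(text):
    """Only the rows that name an actual remote host."""
    return [r for r in classify(text) if r[2] == "connection"]
```

The remote-port check also covers output where the State column has wrapped onto its own line, as in the archived copy of the question.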
    
    


