FW: FPORT issues
From: Anderson, Kim Marie (US - Hermitage) (kianderson@deloitte.com)Date: 08/16/02
- Previous message: Rick Magill: "Re: Personal Firewalls (Zone Alarm, Tiny Personal Firewall)"
- Maybe in reply to: RUSSELL T. LEWIS: "FPORT issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Anderson, Kim Marie (US - Hermitage)" <kianderson@deloitte.com> To: security-basics@securityfocus.com Date: Thu, 15 Aug 2002 18:15:51 -0400
I've been doing a number of pro-active scanning lately and noticed that
media server likes to grab this port for the nsum service. Hope this helps?
Kim Marie Anderson
Deloitte & Touche
615.882.7961
-----Original Message-----
From: Rowley, Michael (M.) [mailto:mrowley7@ford.com]
Sent: Tuesday, August 13, 2002 3:05 PM
To: 'RUSSELL T. LEWIS'; security-basics@securityfocus.com
Subject: RE: FPORT issues
Russell
Questions...
One Site to check ports..
http://www.dark-e.com/archive/trojans/ports.shtml
Or http://www.iss.net Fairly good site
Is it UDP? Or TCP?
If TCP.. One option.. Port 6666 is listed potentially as Dark
Connection Inside 1.2 beta ... whoa
IRC Servers usually run on this port 6666.. Or an IRC Trojan?..
Or Napster.. (Who still uses it?) Many settings default to Port 6666
Alta Vista Tunnel uses 6666...
Are you running TAG? (Transcoding Active Gateway).. It has an error log
port that multicasts to port 6666
Or Bugster? (P2P).. Although should not be on NT 4 machine... (Only linux)
Kali uses Port 6666
A middleware called DBBalancer uses 6666
Just my .02.. Good luck to you
Michael J. Rowley
Security Consultant
Web Hosting Security Services
Ford Motor Company
-----Original Message-----
From: RUSSELL T. LEWIS [mailto:RUSSELL_T._LEWIS@spectralresponse.com]
Sent: Monday, August 12, 2002 1:04 PM
To: security-basics@securityfocus.com
Subject: FPORT issues
I've got a PC running NT 4.0 SP 6a and it seems to be trying to wander
around the network on port 6666. I see the events in the firewall log, so I
was going to run FPORT on the system to see what is using port 6666. I dl-ed
fport from foundstone.com at the beginning of this summer and burnt FPORT,
PSTOOLS, PSLIST, and listdlls.exe to a CD. If I run FPORT on my computer it
lists a ton of stuff (I just run it by J:\fport\fport.exe)
When I do the same on the weird PC, I get
D:\fport>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com
D:\fport>
it runs, but lists NOTHING.
any ideas?
How can I see what is using port 6666?
Any other info on how to find out what this is would be great. I've not
actually used these apps until today. Thanks, -Russell
This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law. If
you are not the intended recipient, you should delete this message. Any
disclosure, copying, or distribution of this message, or the taking of any
action based on it, is strictly prohibited.
- Previous message: Rick Magill: "Re: Personal Firewalls (Zone Alarm, Tiny Personal Firewall)"
- Maybe in reply to: RUSSELL T. LEWIS: "FPORT issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
