Re: MYSQL Question
- From: "JS" <no@xxxxxxxx>
- Date: Sat, 28 Jan 2006 07:20:10 -0500
yes
"Sam Hobbs" <samuel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ejMm9axIGHA.2668@xxxxxxxxxxxxxxxxxxxxxxx
> Are you absolutely sure it is "schost.exe"? My guess is that it is
> "svchost.exe", so if you searched for information about "schost.exe", but
> it is "svchost.exe", then you would not find anything useful.
>
> If it is "svchost.exe", then search the Technet for "svchost" to get a
> general understanding of what it is.
>
>
> "JS" <no@xxxxxxxx> wrote in message
> news:uSeMDbuIGHA.3176@xxxxxxxxxxxxxxxxxxxxxxx
>> Hello All:
>>
>> Don't know where else to post this so I am hoping someone here might have
>> some info. Early this afternoon, we noticed a spike in our bandwidth. A
>> closer look showed one of our web servers in the DMZ as the culprit.
>> Looking at the connections to this server, I found hundreds of
>> connections to a process ...schost.exe on port 1429 connecting to distant
>> machines all running mysql.
>>
>> This is obviously some sort of worm or DOS launched from or against my
>> box and I am just trying to find some information on it. The server is
>> running Windows 2000, IIS5.0, PHP4.83 ....is up to date on all patches
>> and running NAV CORP edition with latest Defs.
>>
>> I need to find out how this worm got dropped and a little more
>> information on it and am coming up blank so far. Any information would be
>> appreciated.
>>
>> Thanks
>>
>
>