Strange Client Behavior: Port 8002 Looking for Other Ports
From: Will (DELETE_westes_at_earthbroadcast.com)
Date: 01/11/05
- Next message: Jerry Bryant [MSFT]: "Microsoft Security Bulletin(s) for 1/11/2005"
- Previous message: Joe Richards [MVP]: "Re: Active Service Database"
- Next in thread: Shalom B.: "Re: Strange Client Behavior: Port 8002 Looking for Other Ports"
- Reply: Shalom B.: "Re: Strange Client Behavior: Port 8002 Looking for Other Ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 11 Jan 2005 10:05:38 -0800
I have strange symptoms on a Windows 2000 client. For long
periods each day, this client, which is behind Microsoft Proxy
2.0, stops access to the Internet. In the sniffer trace, what
I see is repetitive behavior where the client will send out TCP
connections from source port 8002 to successive ports on our DNS
server. It appears to attempt connection to each port three
times, and then it goes on to the next one. 1937, 1938, 1939,
etc.
This sure looks like some kind of port sniffing activity, maybe a
virus, but does anyone recognize the source port number and
behavior as belonging to some legitimate Windows 2000 client
behavior?
-- Will Internet: westes at earthbroadcast.com
- Next message: Jerry Bryant [MSFT]: "Microsoft Security Bulletin(s) for 1/11/2005"
- Previous message: Joe Richards [MVP]: "Re: Active Service Database"
- Next in thread: Shalom B.: "Re: Strange Client Behavior: Port 8002 Looking for Other Ports"
- Reply: Shalom B.: "Re: Strange Client Behavior: Port 8002 Looking for Other Ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
