[Dshield] Active Ports Freeware & Outbound 137 Scans

Yevette Maurer yevettem at gsmt.com
Fri Sep 12 16:53:00 GMT 2003


Just thought I would share this with everyone on this list, maybe it will
come in handy for some of you. We found this neat little tool called Active
Ports. Here is the description off their website:

Active Ports - easy to use tool for Windows NT/2000/XP that enables you to
monitor all open TCP and UDP ports on the local computer. Active Ports maps
ports to the owning application so you can watch which process has opened
which port. It also displays a local and remote IP address for each
connection and allows you to terminate the owning process. Active Ports can
help you to detect Trojans and other malicious programs.
http://www.protect-me.com/freeware.html

We just found out that one of our Real Estate Agents that are connected to
our network (at our other office building - they pay us for Internet access
and are using their own systems not maintained by us) is sending out UDP 137
scans in massive amounts. He's inside our firewall (ISA Server), don't know
how a worm could have got in. He's using an up-to-date version of Norton AV
and BlackIce. Thought it was W32/Opaserv.worm, but can't find any traces of
it. We disconnected him from the network last night, and one of the other
guys in our Tech Dept. went out there to look at it again this morning.
Don't know what it could be, hope that the Active Ports tool can help us.
He's also going to try to see if McAfee can find something that Norton
didn't. If anyone has any other suggestions, it would be greatly
appreciated.
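
Added example, not part of the original post: one way to confirm from firewall logs which inside host is sending UDP 137 to many outside addresses, before going per-machine with a port-to-process tool. The log format, the 192.168.0.0/16 internal range, the threshold and all sample records are assumptions constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records: "timestamp src_ip src_port dst_ip dst_port proto".
# Simplified format for this example only; it is not ISA Server's log layout.
SAMPLE_LOG = """\
2003-09-11T21:14:02 192.168.10.57 1027 203.0.113.4 137 UDP
2003-09-11T21:14:02 192.168.10.57 1027 203.0.113.5 137 UDP
2003-09-11T21:14:03 192.168.10.57 1027 203.0.113.6 137 UDP
2003-09-11T21:14:03 192.168.10.57 1027 198.51.100.9 137 UDP
2003-09-11T21:14:03 192.168.10.57 1027 198.51.100.10 137 UDP
2003-09-11T21:14:04 192.168.10.57 1027 198.51.100.11 137 UDP
2003-09-11T21:14:05 192.168.10.20 137 192.168.10.255 137 UDP
2003-09-11T21:14:06 192.168.10.20 137 203.0.113.80 137 UDP
2003-09-11T21:14:07 192.168.10.20 1044 203.0.113.80 80 TCP
truncated line
"""

INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # assumed LAN range


def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    return any(addr in net for net in INTERNAL_NETS)


def find_udp137_scanners(log_text, threshold=5):
    """Map each internal source to its count of distinct external UDP/137
    destinations, keeping only sources at or above the threshold."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # malformed or truncated record
        _ts, src, _sport, dst, dport, proto = fields
        if proto.upper() != "UDP" or dport != "137":
            continue
        try:
            # Local-subnet NetBIOS name broadcasts are normal; only count
            # lookups that leave the internal address space.
            if is_internal(src) and not is_internal(dst):
                targets[src].add(dst)
        except ValueError:
            continue  # unparseable address field
    return {s: len(d) for s, d in targets.items() if len(d) >= threshold}


if __name__ == "__main__":
    for src, count in find_udp137_scanners(SAMPLE_LOG).items():
        print(f"{src}: UDP/137 to {count} distinct external hosts")
```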



