[Dshield] Does ring any bell?

Bruyere, Michel mbruyere at ezemcanada.com
Tue Jan 6 14:50:48 GMT 2004

See within Quote

>    Question: anyone have a clue what this might be? What did
>    the IP address point to at some point?

As for the IP, I don't have any clue, but you should use a program that maps
the process to each open connection, so you can get the file that is running
this particular connection. Active Port can do that but I think it's not
supported for Win98. 

>    Question: if reverse DNS fails, does this imply that forward
>    DNS also failed? Ie. that the IP address is hard-coded in the
>    program?

You could look in your DNS cache to see if there is an entry for it. I can't
remember what the command is under 98, anyone?

>    Question: are backdoors typically smart enough to hide from
>    the task list?

Yes, that's the first thing they do: hide themselves.

>    Question: if I telnet to his PC on one of these ports, will
>    I see a command-line interface? With help :-)? Or are backdoor
>    interfaces more commonly binary interfaces (ie w GUI clients)?
> Wrt "netstat -n -a" output, couple of questions.
> When the "local address" is shown as "", does this
> mean that connections are accepted from anywhere? When it shows
> "", does this mean that only local connections are
> accepted? And when it shows a specific IP address, does it mean
> that it accepts connections only from that interface?
> I will be trying SpyBot S&D for sure on his system.

I would suggest using TDS-3 too, from www.diamondcs.com

If it was my PC I would simply format it and reinstall.

> Thanks,
> Pierre Lewis

My 0.02$
