[Dshield] (no subject)
vancel at winfreeacademy.com
Tue Aug 9 21:48:35 GMT 2005
BL0NDIED0LL at aol.com wrote:
>After opening an email containing a picture, my firewall zonelabs has been
>targeted wit port scans attacking ports udp 2324,6346 udp 3667 and tcp 6346
>I am not using any gnutella program, any ideas what I should be looking for
>on my computer? I have up to date virus protection, run adaware and spybot, I
>come up clean. also what is cosmocall, I find the port information, but nothing
>as to what it is. Any help would be greatly appreciated
Along with what the others have said, here is another, more pessimistic
If the picture was a link in an HTML email, the moment you opened it,
your computer made a connection to the server where the picture was
stored. If the server is a malicious server, there could be a system
watching for everyone that opens that picture and starts probing the IP
address for security vulnerabilities with the goal of infecting the machine.
This would be a good method if the culprit wanted to avoid wasting time
trying to connect to IP addresses that are either not in use, or are not
assigned. It also guarantees that a computer is connected at that
moment so the probe goes unwasted.
Just some thoughts.
Winfree Academy Charter Schools
More information about the list