[Dshield] (no subject)

Laura Vance vancel at winfreeacademy.com
Tue Aug 9 21:48:35 GMT 2005

BL0NDIED0LL at aol.com wrote:

>After opening an email containing a picture, my firewall zonelabs has been 
>targeted wit port scans attacking ports udp 2324,6346 udp 3667 and tcp 6346
>I am not using any gnutella program, any ideas what I should be looking for 
>on my computer? I have up to date virus protection, run adaware and spybot, I 
>come up clean. also what is cosmocall, I find the port information, but nothing 
>as to what it is. Any help would be greatly appreciated
Along with what the others have said, here is another, more pessimistic 

If the picture was a link in an HTML email, the moment you opened it, 
your computer made a connection to the server where the picture was 
stored.  If the server is a malicious server, there could be a system 
watching for everyone that opens that picture and starts probing the IP 
address for security vulnerabilities with the goal of infecting the machine.

This would be a good method if the culprit wanted to avoid wasting time 
trying to connect to IP addresses that are either not in use, or are not 
assigned.  It also guarantees that a computer is connected at that 
moment so the probe goes unwasted.

Just some thoughts.

Laura Vance
Systems Engineer
Winfree Academy Charter Schools

More information about the list mailing list