[Dshield] PC exhibiting weird behavior
dshield at oitc.com
Sat Dec 3 12:55:17 GMT 2005
>I have a W2K PC that I see sending occasional traffic to random IP
>addresses from ports 135 and 445. I have done a complete virus scan and
>it's clean, but I'm unable to figure out why it's trying to send from
>ports 135 and 445 to random IP address. Any ideas as to what to do next?
Port 135 is used by MS RPC locator service. 445 is used for file
sharing on 2K/NT/XP.
A low level of activity is expected from windows. A high level of
activity indicates a possible worm.
Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax),
Text Paging: http://www.oitc.com/Pager/sendmessage.html
PGP Public Keys available at:
<A HREF="ldap://keyserver.pgp.com/">PGP's Key Server</A>
<A HREF="http://www.oitc.com/OITC/PGPKeys.html">OITC's Public Key List</A>
14A7 A308 266A 3646 FBA8 9A86 E139 F108 B1BE 37BD
More information about the list