[Dshield] PC exhibiting weird behavior

Tom dshield at oitc.com
Sat Dec 3 12:55:17 GMT 2005


>I have a W2K PC that I see sending occasional traffic to random IP
>addresses from ports 135 and 445. I have done a complete virus scan and
>it's clean, but I'm unable to figure out why it's trying to send from
>ports 135 and 445 to random IP addresses. Any ideas as to what to do next?

Port 135 is used by MS RPC locator service. 445 is used for file 
sharing on 2K/NT/XP.

A low level of activity is expected from Windows. A high level of 
activity indicates a possible worm.

Tom
-- 

Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 
321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
http://www.oitc.com/Antarctica/

PGP Public Keys available at:
PGP's Key Server: ldap://keyserver.pgp.com/
OITC's Public Key List: http://www.oitc.com/OITC/PGPKeys.html
14A7 A308 266A 3646 FBA8  9A86 E139 F108 B1BE 37BD
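
Added example, not part of Tom's message: one way to turn "low level versus high level of activity" into a check is to count how many distinct destination addresses each host contacts on ports 135/445 per time window. The log format, the five-minute window and the threshold of 10 are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_PORTS = {135, 445}      # the ports discussed in the thread
WINDOW = timedelta(minutes=5)   # assumption: bucket size
MAX_DISTINCT_DESTS = 10         # assumption: tune against your own baseline

def parse(line):
    """Parse 'ISO-timestamp src_ip src_port dst_ip dst_port' (constructed format)."""
    ts, src, sport, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, int(sport), dst, int(dport)

def fanout_by_window(lines):
    """Return {(src_ip, window_start): set of distinct dst IPs} for watched ports."""
    buckets = defaultdict(set)
    for line in lines:
        ts, src, sport, dst, dport = parse(line)
        if sport in WATCHED_PORTS or dport in WATCHED_PORTS:
            # Align the timestamp to the start of its window.
            start = datetime.min + ((ts - datetime.min) // WINDOW) * WINDOW
            buckets[(src, start)].add(dst)
    return buckets

def suspicious_hosts(lines, limit=MAX_DISTINCT_DESTS):
    """Hosts whose distinct-destination count in any window exceeds the limit."""
    return sorted({src for (src, _), dsts in fanout_by_window(lines).items()
                   if len(dsts) > limit})

def sample_log():
    """Constructed sample: one quiet host, one host with wide fan-out."""
    lines = ["2005-12-03T12:00:05 192.0.2.10 1043 192.0.2.1 445",
             "2005-12-03T12:01:30 192.0.2.10 1044 192.0.2.2 135",
             "2005-12-03T12:02:00 192.0.2.10 1045 192.0.2.1 80"]
    # 192.0.2.20 touches 25 different addresses within two minutes.
    lines += [f"2005-12-03T12:0{i % 2}:{i:02d} 192.0.2.20 445 198.51.100.{i} 445"
              for i in range(1, 26)]
    return lines

if __name__ == "__main__":
    print(suspicious_hosts(sample_log()))
```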

