[Dshield] PC exhibiting weird behavior

Handy, Mark (IT) Mark.Handy at morganstanley.com
Sat Dec 3 16:04:07 GMT 2005


Have you looked at running FPORT? This will tell you process against
executable/file that is running.

Mark Handy
STAR (Security Threat Assessment and Response)
 

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Deb Hale
Sent: Saturday, December 03, 2005 9:58 AM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] PC exhibiting weird behavior



What is the date on your virus definitions? Is your W2K machine fully
patched.  There are a number of worms that are uusing these two ports.
It
could either be an old version that you are detecting, or a new version
yet
undetected.

Deb



Behalf Of Walzer, Jeff
Sent: Friday, December 02, 2005 3:19 PM
To: list at lists.dshield.org
Subject: [Dshield] PC exhibiting weird behavior

I have a W2K PC that I see sending occasional traffic to random IP
addresses
from ports 135 and 445. I have done a complete virus scan and it's
clean,
but I'm unable to figure out why it's trying to send from ports 135 and
445
to random IP address. Any ideas as to what to do next?
 
Thanks...
_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org To change your subscription
options
(or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender.  Sender does not waive confidentiality or privilege, and use is prohibited.



More information about the list mailing list