[Dshield] Is there a legitimate service named doom?

securityguy@dslextreme.com securityguy at dslextreme.com
Thu Jun 23 17:28:54 GMT 2005


Troubleshooting a windows 2k server, a netstat showed a protocol named
"doom" listening on port 1035.  The latest virus scans show no infection
(symantec, mcafee stinger, and trendmicro's housecall) all report clean. 
There's been (so far as I can tell) no slow down in service, increase in
disk size, or anything out of the ordinary.  It possible that this is a
normal service as opposed to someone running a game?  How would I track
down what is spawning this service?

- SG





More information about the list mailing list