[Dshield] Is there a legitimate service named doom?

David Cary Hart DShield at TQMcube.com
Thu Jun 23 18:54:27 GMT 2005

On Thu, 2005-06-23 at 10:28 -0700, securityguy at dslextreme.com wrote:
> Troubleshooting a windows 2k server, a netstat showed a protocol named
> "doom" listening on port 1035.  The latest virus scans show no infection
> (symantec, mcafee stinger, and trendmicro's housecall) all report clean. 
> There's been (so far as I can tell) no slow down in service, increase in
> disk size, or anything out of the ordinary.  It possible that this is a
> normal service as opposed to someone running a game?  How would I track
> down what is spawning this service?

Is anything on 1024?
      * Eliminate Spam:         http://www.TQMcube.com/spam_trap.htm
      * RBLDNSD HowTo:          http://www.TQMcube.com/rbldnsd.htm
      * Multi-RBL Check:        http://www.TQMcube.com/rblcheck.htm

More information about the list mailing list