[Dshield] Is there a legitimate service named doom?

Deb Hale haled at pionet.net
Thu Jun 23 19:58:48 GMT 2005

SG - The only reference I have seen to the "Doom" protocol is in connection
with the game Doom.  Usually though it uses port 666.  Does this server by
chance have any unusual programs installed?


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of securityguy at dslextreme.com
Sent: Thursday, June 23, 2005 12:29 PM
To: list at lists.dshield.org
Subject: [Dshield] Is there a legitimate service named doom?

Troubleshooting a Windows 2k server, a netstat showed a protocol named
"doom" listening on port 1035.  The latest virus scans show no infection;
Symantec, McAfee Stinger, and Trend Micro's HouseCall all report clean.
There's been (so far as I can tell) no slowdown in service, increase in
disk size, or anything out of the ordinary.  Is it possible that this is a
normal service as opposed to someone running a game?  How would I track down
what is spawning this service?

- SG
