Strange. Absolute Strange!!!!!!

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    187

    Strange. Absolute Strange!!!!!!

    Hello all!
    Today something very strange is happening on my network. When I start my PC, my KERIO firewall always asks me what to do with one incoming connection.

    _______________________________________________-
    [08.12.2004 „. 21:43:49]

    Direction: incoming
    Local Point: 0.0.0.0, port 1025
    Adapter: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
    Remote Point: 213.91.228.206 [213.91.228.206], port 4502
    Protocol: TCP

    Application path: System
    Description: system
    File version:
    Created: N/A
    Modified: N/A
    Accessed: N/A

    RuleId = 536870933
    _________________________________
    I know the IP it is coming from! I spoke with the man to whom the IP belongs and he told me that he is doing nothing (and I can trust him 100%).
    Can someone tell me what the hell is going on here?
    What is that application "System"? Is he trying to use remote control of Windows?
    Please, any suggestions?
    Remember, all I'm offering is the truth, nothing more.

  2. #2
    Member
    Join Date
    Mar 2004
    Posts
    81
    Do you think it is possible his computer has been infected / hijacked / compromised and your computer has been attacked and could also be infected / hijacked / compromised?

  3. #3
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    1024 - the port you're talking about is RPC.... How can you trust him exactly? What makes you think he's OK to trust? Do you allow him to know your IP? What exactly made you think he was OK?
    Kill the lights, let the candles burn behind the pumpkins' mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #4
    Senior Member
    Join Date
    Oct 2004
    Posts
    187
    He is a friend of mine. We live in the same building. And we use LAN chat enterprise for communication (so he must know my IP). Ah, and a few minutes ago I was visiting him and I found out he has a worm, svcsp.
    And gore, what does RPC mean?
    Remember, all I'm offering is the truth, nothing more.

  5. #5
    Member
    Join Date
    Mar 2004
    Posts
    81
    RPC = Remote Procedure Call... it can be used by a service for legit means, or in your case by a worm to propagate to another machine.

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Taking this a step further, port 1025 is MSTask Scheduler. Also, look at your rule ID number (RuleId = 536870933) and reference it on the support page provided by your vendor. It will surely tell you when, how and why it triggers.

    If you REALLY want to know what is up, fire up Ethereal and watch the network traffic from his host to yours.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
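
Added example (not written by any poster in this thread): a small parser for the alert block quoted in post #1. It produces a one-line summary for correlating repeated prompts, plus a libpcap capture filter for the packet-capture step suggested in post #6. The field names follow the alert text; the function names and the day.month.year reading of the date are assumptions.

```python
import re
from datetime import datetime

# Alert block copied from post #1; the garbled characters after the date are dropped.
SAMPLE_ALERT = """\
[08.12.2004 21:43:49]
Direction: incoming
Local Point: 0.0.0.0, port 1025
Adapter: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
Remote Point: 213.91.228.206 [213.91.228.206], port 4502
Protocol: TCP
Application path: System
Description: system
File version:
RuleId = 536870933
"""

STAMP = re.compile(r"^\[(\d{2}\.\d{2}\.\d{4})\D*(\d{2}:\d{2}:\d{2})\]$")
FIELD = re.compile(r"^([^:=]+?)\s*[:=]\s*(.*)$")
ENDPOINT = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?port (?P<port>\d+)$")

def parse_alert(text):
    """Parse one alert block into a dict; endpoints become (ip, port) tuples."""
    rec = {}
    for line in map(str.strip, text.splitlines()):
        if m := STAMP.match(line):
            # Assumption: the date is day.month.year.
            rec["time"] = datetime.strptime(" ".join(m.groups()), "%d.%m.%Y %H:%M:%S")
        elif m := FIELD.match(line):
            key = m.group(1).lower().replace(" ", "_")
            ep = ENDPOINT.match(m.group(2))
            rec[key] = (ep["ip"], int(ep["port"])) if ep else m.group(2)
    return rec

def capture_filter(rec):
    """libpcap capture filter limiting a capture to this remote host and local port."""
    proto = rec["protocol"].lower()
    return f"host {rec['remote_point'][0]} and {proto} port {rec['local_point'][1]}"

def summarize(rec):
    """One-line summary for correlating repeated prompts."""
    (rip, rport), (_, lport) = rec["remote_point"], rec["local_point"]
    return (f"{rec['time']:%Y-%m-%d %H:%M:%S} {rec['direction']} {rec['protocol']} "
            f"{rip}:{rport} -> local port {lport} ({rec['application_path']}), "
            f"RuleId {rec['ruleid']}")

if __name__ == "__main__":
    alert = parse_alert(SAMPLE_ALERT)
    print(summarize(alert))
    print("capture filter:", capture_filter(alert))
```

The filter string can be pasted into the capture-filter field of Ethereal so that only traffic between the two hosts on that port is recorded.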
