Greetings everyone!
Well... This is my first post on this site and I apologize for not formally introducing myself.
Just a little background before I get to the point: I have been visiting this site, just to browse some of the forums and read articles. I consider myself a computer security enthusiast. I have no type of certifications or degrees (Yet!!!!) but I do have a fair amount of experience with networking, troubleshooting hardware/software, some programming C/VB and basic computer security.... Anyways, enough about me....
What caught my attention about this thread was the fact that dogman had random UDP packets arriving on ports 1026/1027.... I have actually sniffed some of these packets (random UDP packets targeting ports 1026/1027) while doing some work on my *nix box but never thought anything of them.... When I saw this post I did a check of my firewall log and sure enough I have multiple occurrences of these packets originating from what seems to be a computer on the same network as dogman's remote computer (61.152.158.151); my log shows an IP of 61.152.158.123. As far as the actual data portion of the packet, this here is the HEX:
0000: 00 0D 61 AC 09 BA 00 0B : 23 C1 A0 36 08 00 45 00 | ..a.....#..6..E.
0010: 01 53 00 00 40 00 2D 11 : 00 0D 3D 98 9E 7B 45 6E | .S..@.-...=..{En
0020: 2B 0C 81 27 04 02 01 3F : 63 19 04 00 28 00 10 00 | +..'...?c...(...
0030: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
0040: 00 00 F8 91 7B 5A 00 FF : D0 11 A9 B2 00 C0 4F B6 | ....{Z........O.
0050: E6 FC 38 43 16 9E 01 89 : 45 6E 25 2A FD D7 99 61 | ..8C....En%*...a
0060: 33 71 00 00 00 00 01 00 : 00 00 00 00 00 00 00 00 | 3q..............
0070: FF FF FF FF E7 00 00 00 : 00 00 10 00 00 00 00 00 | ................
0080: 00 00 10 00 00 00 53 59 : 53 54 45 4D 00 00 00 00 | ......SYSTEM....
0090: 00 00 00 00 00 00 10 00 : 00 00 00 00 00 00 10 00 | ................
00A0: 00 00 41 4C 45 52 54 00 : 00 00 00 00 00 00 00 00 | ..ALERT.........
00B0: 00 00 A3 00 00 00 00 00 : 00 00 A3 00 00 00 57 69 | ..............Wi
00C0: 6E 64 6F 77 73 20 68 61 : 73 20 65 6E 63 6F 75 6E | ndows has encoun
00D0: 74 65 72 65 64 20 61 6E : 20 49 6E 74 65 72 6E 61 | tered an Interna
00E0: 6C 20 45 72 72 6F 72 0A : 59 6F 75 72 20 57 69 6E | l Error.Your Win
00F0: 64 6F 77 73 20 72 65 67 : 69 73 74 72 79 20 69 73 | dows registry is
0100: 20 63 6F 72 72 75 70 74 : 65 64 2E 0A 41 6E 20 49 | corrupted..An I
0110: 6D 6D 65 64 69 61 74 65 : 20 73 79 73 74 65 6D 20 | mmediate system
0120: 73 63 61 6E 20 69 73 20 : 72 65 63 6F 6D 6D 65 6E | scan is recommen
0130: 64 65 64 2E 0A 0A 76 69 : 73 69 74 20 0A 0A 68 74 | ded...visit ..ht
0140: 74 70 3A 2F 2F 65 2D 72 : 65 67 70 61 74 63 68 2E | tp://e-regpatch.
0150: 63 6F 6D 0A 0A 74 6F 20 : 72 65 70 61 69 72 2E 0A | com..to repair..
0160: 00 : | .
Don't know if this helped at all but I'm curious to see what the experts think....
Sorry for the long "first post"
I'll try to drop in more often.
WILL




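The dump in the post above can be decoded to check the source address and destination port it mentions. This is an added example, not part of the original post; it uses the first six rows of that dump and assumes the UDP payload follows the DCE/RPC connectionless (version 4) header layout, which the post itself does not state.

```python
import ipaddress
import struct
import uuid

# First six rows of the dump from the post (hex columns only).
DUMP = """\
0000: 00 0D 61 AC 09 BA 00 0B : 23 C1 A0 36 08 00 45 00
0010: 01 53 00 00 40 00 2D 11 : 00 0D 3D 98 9E 7B 45 6E
0020: 2B 0C 81 27 04 02 01 3F : 63 19 04 00 28 00 10 00
0030: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00
0040: 00 00 F8 91 7B 5A 00 FF : D0 11 A9 B2 00 C0 4F B6
0050: E6 FC 38 43 16 9E 01 89 : 45 6E 25 2A FD D7 99 61
"""

def parse_dump(text):
    """Turn 'OFFSET: xx xx ... : xx ... | ascii' rows into raw bytes."""
    out = bytearray()
    for line in text.splitlines():
        if ":" not in line:
            continue
        # Drop the offset before the first ':' and any ASCII column after '|'.
        hexpart = line.split(":", 1)[1].partition("|")[0]
        out += bytes(int(tok, 16) for tok in hexpart.split() if tok != ":")
    return bytes(out)

def decode(frame):
    """Decode Ethernet II / IPv4 / UDP and the start of the RPC payload."""
    ip = frame[14:]
    if frame[12:14] != b"\x08\x00" or ip[9] != 17:
        raise ValueError("not an IPv4/UDP frame")
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    rpc = ip[ihl + 8:]                    # UDP payload
    info = {
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "src_port": sport,
        "dst_port": dport,
        "udp_len": ulen,
    }
    # Assumed layout (DCE/RPC connectionless v4): version, type, flags1,
    # flags2, drep[3], serial_hi, object UUID (16), interface UUID (16).
    if len(rpc) >= 40 and rpc[0] == 4:
        info["rpc_ptype"] = rpc[1]        # 0 = request
        info["rpc_interface"] = str(uuid.UUID(bytes_le=rpc[24:40]))
    return info

if __name__ == "__main__":
    print(decode(parse_dump(DUMP)))
```

The decoded source address and destination port match the 61.152.158.123 and 1026 quoted in the post. The interface UUID that comes out, 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, is the Windows Messenger service interface, which fits the pop-up text carried in the payload.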