TFTP is usually "Trivial FTP", normally used to remotely boot network 
devices.

My old Sun XTerm used Reverse ARP to find an IP address for itself, then 
used Trivial FTP to download a kernel from the ARP/RARP host (that ran the 
tftp daemon) and then booted itself into operation.

Not sure why Win2k would be running tftpd though, unless your box has been 
infected with a viral/trojan program as mentioned below.

In short - you've been j0wned :)

--On Wednesday, 3 October 2001 3:15 p.m. +1200 Paul Heinz 
<[EMAIL PROTECTED]> wrote:

> Alex wrote:
>
>> Looking at W2K task manager, I noticed tftp.exe popping up within process
>> list alongside with cmd.exe. After a while both disappear.
>>
>> Does anybody know what is happening?
>
> Umm.. unless you're running TFTP (tiny ftp) services for a reason, I say
> you could well be infected with the Code Red and/or Nimda worms.
>
> From reading the CERT lists, they both install tftp servers on your
> machine to allow machines that you then reach out and infect to pull over
> the full worm install kit.
>
> Have you installed the IIS exploit patches from Microsoft that Code Red
> and Nimda use? And if you haven't got ZoneAlarm (or similar) installed -
> I'd suggest you install it and see what tasks are generating outbound IP
> traffic on your machine.
>
> TTFN,
>   Paul.
>
> -------------------------------------------------------------------------
> --   New Zealand Delphi Users group - Offtopic List -
> [EMAIL PROTECTED]                   Website: http://www.delphi.org.nz
> To UnSub, send email to: [EMAIL PROTECTED]
> with body of "unsubscribe offtopic"
> Web Archive at: http://www.mail-archive.com/offtopic%40delphi.org.nz/
>



-- 
Mark Derricutt                                E-Mail: [EMAIL PROTECTED]
Senior Delphi Developer                                        ICQ: 19348533
Time Disciple Ltd                                http://www.timedisciple.com

            Limitations only serve to give direction to your goals
               We the immortals invite you to join us
