Re: Increase in traffic on port 20480 and 6667

Thu, 17 Oct 2002 09:12:11 -0700

Be informed that 6667 is also one of the most common ports for IRC servers to run on....

Hamish Stanaway

-= KoRe WoRkS =- Internet Security
Owner/Operator
http://www.koreworks.com/

New Zealand

Is your box REALLY secure?





From: "Kip Sr." <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Increase in traffic on port 20480 and 6667
Date: Thu, 10 Oct 2002 12:16:09 -0700 (PDT)
MIME-Version: 1.0
Received: from outgoing.securityfocus.com ([205.206.231.27]) by mc8-f38.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 15 Oct 2002 18:17:18 -0700
Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing.securityfocus.com (Postfix) with QMQPid B5334A30D7; Tue, 15 Oct 2002 09:31:25 -0600 (MDT)
Received: (qmail 13910 invoked from network); 11 Oct 2002 19:52:09 -0000
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics@;securityfocus.com>
List-Help: <mailto:security-basics-help@;securityfocus.com>
List-Unsubscribe: <mailto:security-basics-unsubscribe@;securityfocus.com>
List-Subscribe: <mailto:security-basics-subscribe@;securityfocus.com>
Delivered-To: mailing list [EMAIL PROTECTED]
Delivered-To: moderator for [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 16 Oct 2002 01:17:18.0196 (UTC) FILETIME=[C4F10B40:01C274B1]

Hi there,

In the past few days, my IDS has been picking up
traffic coming from port 20480 (on Internet servers)
to port 6667 (internal desktops). Both ports are
commonly used by trojan horse programs. Has anyone
else seens this?

10/10-11:50:01.977897 204.x.x.x:20480 ->
192.168.0.199:6667
TCP TTL:255 TOS:0x10 ID:0 IpLen:20 DgmLen:195


Thanks,
Kip Sr.

__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

_________________________________________________________________
Choose an Internet access plan right for you -- try MSN! http://resourcecenter.msn.com/access/plans/default.asp

Reply via email to