port 6666-6668 is also used by APC UPS software to manage the UPS. This drove me nuts until I found out :)
But your actually seeing traffic.. So my best guess is that this is IRC related. Which doesn't mean it's not a virus or trojan! Many DDOS programs use irc for controlling the zombies. Clean out that 192.168.0.199 machine. Also try using filemon from sysinternals.com on it to find out what is running. Chris -----Original Message----- From: Kip Sr. [mailto:kipsr1@;yahoo.com] Sent: Thursday, October 10, 2002 3:16 PM To: [EMAIL PROTECTED] Subject: Increase in traffic on port 20480 and 6667 Hi there, In the past few days, my IDS has been picking up traffic coming from port 20480 (on Internet servers) to port 6667 (internal desktops). Both ports are commonly used by trojan horse programs. Has anyone else seens this? 10/10-11:50:01.977897 204.x.x.x:20480 -> 192.168.0.199:6667 TCP TTL:255 TOS:0x10 ID:0 IpLen:20 DgmLen:195 Thanks, Kip Sr. __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com
