Posted by winged on July 22, 2005, 2:58 am
Patrick Sullivan wrote:
> Using Win2k on both machines, no NICs, just modems. I'll see what -n says
> tomorrow, thanks.
>
>
>
>>Patrick Sullivan wrote:
>>
>>
>>>I have been trying to figure out why this computer (Jim) has all these
>>>ded.pacbell.net listeners in it. It's my boss's system, uses the same
>>>connections I do, same software etc. But mine (w2005) looks more normal.
>>>TIA!
>>>
>>>Active Connections (in computer Jim)
>>>
>>> Proto Local Address Foreign Address State
>>> TCP jim:epmap ded.pacbell.net:0 LISTENING
>>> TCP jim:microsoft-ds ded.pacbell.net:0 LISTENING
>>> TCP jim:1025 ded.pacbell.net:0 LISTENING
>>> TCP jim:1026 ded.pacbell.net:0 LISTENING
>>> TCP jim:10110 ded.pacbell.net:0 LISTENING
>>> UDP jim:microsoft-ds *:*
>>>
>>>Active Connections (in computer w2005)
>>>
>>> Proto Local Address Foreign Address State
>>> TCP w2005:epmap w2005:0 LISTENING
>>> TCP w2005:microsoft-ds w2005:0 LISTENING
>>> TCP w2005:1025 w2005:0 LISTENING
>>> TCP w2005:1026 w2005:0 LISTENING
>>> TCP w2005:10110 w2005:0 LISTENING
>>> UDP w2005:microsoft-ds *:*
>>> UDP w2005:isakmp *:*
>>>
>>>Patrick
>>
>>try the "-n" flag on the netstat command line. That'll show you the IP
>>addresses instead of the names, which might give you the clues you need.
>>My first guess would be that there's some oddiosity with the DNS.
>>
>>How many network cards does the machine have?
>>
>>What operating system are you using?
>>
>>Chris
>>--
>>Minimal false-positive packet matching for complex protocols with Linux
>>and IpTables .. http://www.lowth.com/rope
>>
>
>
>
I would think of potential MS RPC compromise though I can't be sure from
what's provided. Are these machines going through a common firewall or
is w2005 (your machine) using boss machine as a network gateway?
I must be tired to ask the question...
winged
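
An added example, not part of the original thread: one way to compare the two machines' listeners from `netstat -an` output, keyed on protocol and numeric local port so that name resolution of the address columns does not affect the result. The two captures are constructed samples; the ports mirror the listings quoted above (epmap = 135, microsoft-ds = 445, isakmp = 500).

```python
import re

# Constructed sample `netstat -an` captures (not real output from the thread's hosts).
JIM = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:10110          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""
W2005 = JIM + "  UDP    0.0.0.0:500            *:*\n"

# proto, local address, local port, foreign address, optional state (UDP has none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Return {(proto, port): bind_address} for TCP LISTENING and UDP rows."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines, rows in another format
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        found[(proto, int(port))] = addr
    return found

def compare(a_text, b_text):
    """Return (listeners only in a, listeners only in b) as sorted lists."""
    a, b = listeners(a_text), listeners(b_text)
    return sorted(set(a) - set(b)), sorted(set(b) - set(a))

if __name__ == "__main__":
    only_jim, only_w2005 = compare(JIM, W2005)
    print("only on jim:  ", only_jim)
    print("only on w2005:", only_w2005)
```
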