port 1025

From: Dermot Paikkos (dermot_at_sciencephoto.com)
Date: 08/24/04

  • Next message: Ron Bramblett: "Summary: Continueing KZPSC-BA Raid Panic" 
    Date: Tue, 24 Aug 2004 09:14:31 +0100
To: tru64-unix-managers@ornl.gov

    Hi Managers,

    SYS: Dec Alpha 3000, Tru64 4.0D.

    I have the above old machine that runs an MTA exim 3 plus a BIND
    server. I have noticed over the last few days some unusual activity
    on our router during the evenings. The activity was incoming and at
    first I suspected a Windows users was downloading something over-
    night. On one has confessed. I was also aware of a large increase in
    spam but again this might be explained by other means.

    What does concern me is there is some activity on the above server
    that I can not explain and is not from my local network.

    tcp 0 0 helios.1025 S010600485481094.63321
    ESTABLISHED
    tcp 0 0 helios.1025 S010600485481094.65021
    ESTABLISHED
    tcp 0 0 helios.1025 61.177.84.69.4011
    ESTABLISHED
    tcp 0 0 helios.1025 218.90.130.48.3167
    ESTABLISHED
    tcp 0 0 helios.1025 194.135.56.235.3876
    ESTABLISHED
    tcp 0 0 helios.1025 adsl39-107.globa.3681
    ESTABLISHED
    tcp 0 0 localhost.1025 *.*
    LISTEN
    tcp 0 0 helios.1025 *.*
    LISTEN

    I have disabled all non-essential services on the server and still
    there is the above activity. I fear I have a virus or someone is
    planted something on my server.

    Can anyone advise?
    Thanx.
    Dp.

    ~~
    Dermot Paikkos * dermot@sciencephoto.com
    Network Administrator @ Science Photo Library
    Phone: 0207 432 1100 * Fax: 0207 286 8668

  • Next message: Ron Bramblett: "Summary: Continueing KZPSC-BA Raid Panic"

    Relevant Pages

    • Bind-chroot-9.3.1-4 problem
      ... The symbolic links in /etc were already set up when I installed FC4 ... Bind functioned fine as a DNS server to the internet and accepted mail to ... But, within the local network, it is oblivious to any other machine. ...
      (Fedora)
    • Re: Remote office
      ... If you can setup that member DC on your local network, ... The workstations in the remote location will have to be joined to the domain ... "Dave Claxon" schreef in bericht ... > anywhere near a server of any kind until my boss bought this SBS2000 about ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: Wanting to place my hosted web on my server
      ... Or My son is on that network where the server ... >> the router setup page. ... From outside the local network there may be some ... >> one with port 80 open. ...
      (microsoft.public.windows.server.dns)
    • RE: [SLE] Basic setup questions [Part 1]
      ... On Saturday, October 08, 2005 @12:19 PM, Kevin wrote: ... > - Samba Server ... >For example, my LinkSys WRT54G is the house DHCP server, so my PC ... router picks up those addresses and serves them up to my local network. ...
      (SuSE)
    • Job Error. Need help ASAP.
      ... one in a DMZ and the other on our ... form the server on the DMZ. ... the local network. ... Provider Error: 1326 ...
      (microsoft.public.sqlserver.security)