attacks on local port 1025

G

Guest

II use XP Home and noticed on several occasions attacks on local port 1025. On this port svchost.exe is listening (TCP). These attackers manage somehow to establish an incoming connection on this port using PASV FTP. Luckely I deny inbound traffic for svchost.exe if it's using PASV FTP. In my firewall log I can see these attackers have rather exotic ip's as 220.168.167.245 (CHINANET HUNAN PROVINCE NETWORK) and 219.145.23.169 (CHINANET SHANXI PROVINCE NETWORK). I suggest if someone notices similar inbound traffic on local port 1025 to report it here. It could be that there's someone outthere exploiting a system vulnurability.

PROVINCE NETWORK) and 219.145.23.169 (CHINANET SHANXI PROVINCE NETWORK). I

suggest if someone notices similar inbound traffic on local port 1025 to report

it here. It could be that there's someone outthere exploiting a system

vulnurability.
 
G

Greg R

Yes. I notice this too.
However, I think this has to do with raw_socket. I read that they
will stop tcp sends over raw_socket with the final release of xp sp2.

Greg R
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

attacks on local port 1025 2
heavy traffic on port 1025 6
Port Forwarding on MN-500 4
Black ops: how HBGary wrote backdoors for the government (Part 1) 0
WTD: Nvidia Videocard for 4x AGP Slot 0
FWT Newsletter - Weekly - November 17, 2003 0

Top