G
Guest
II use XP Home and noticed on several occasions attacks on local port 1025. On this port svchost.exe is listening (TCP). These attackers manage somehow to establish an incoming connection on this port using PASV FTP. Luckely I deny inbound traffic for svchost.exe if it's using PASV FTP. In my firewall log I can see these attackers have rather exotic ip's as 220.168.167.245 (CHINANET HUNAN PROVINCE NETWORK) and 219.145.23.169 (CHINANET SHANXI PROVINCE NETWORK). I suggest if someone notices similar inbound traffic on local port 1025 to report it here. It could be that there's someone outthere exploiting a system vulnurability.
PROVINCE NETWORK) and 219.145.23.169 (CHINANET SHANXI PROVINCE NETWORK). I
suggest if someone notices similar inbound traffic on local port 1025 to report
it here. It could be that there's someone outthere exploiting a system
vulnurability.
PROVINCE NETWORK) and 219.145.23.169 (CHINANET SHANXI PROVINCE NETWORK). I
suggest if someone notices similar inbound traffic on local port 1025 to report
it here. It could be that there's someone outthere exploiting a system
vulnurability.