F
Frank Jones
I am running a honeypot with a fully patched version of Windows XP Home but
without a firewall. A few hours after bringing this sytem online, I see the
XP Home system connects establishes a TCP connection to a remote computer on
port 2490 (src port of 2745), followed by a TCP connection to port 2492 (src
port of 1025). What is strange is there is no previous communication
between this system and this remote host prior to these connections.
Can anyone educate me on what might be the cause of this? I'd gladly share
the packet trace if that would be of help.
Also, I currently observe svthost.exe having a connection to a remote system
(it seems to vary over time) bound on the local port 1025.
Thoughts would be appreciated.
Frank
without a firewall. A few hours after bringing this sytem online, I see the
XP Home system connects establishes a TCP connection to a remote computer on
port 2490 (src port of 2745), followed by a TCP connection to port 2492 (src
port of 1025). What is strange is there is no previous communication
between this system and this remote host prior to these connections.
Can anyone educate me on what might be the cause of this? I'd gladly share
the packet trace if that would be of help.
Also, I currently observe svthost.exe having a connection to a remote system
(it seems to vary over time) bound on the local port 1025.
Thoughts would be appreciated.
Frank