[Wolves] Random traffic

Wayne Morris wayne at machx.co.uk
Tue Nov 1 02:23:23 GMT 2005


chris ball wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Part of my firewall logs
>
>Length:100 TOS:0x00 Protocol:UDP Service:Unknown
>Time:Nov  1 01:19:07 Direction: Unknown In:ppp0 Out: Port:11691
>Source:216.32.7.81 Destination:82.14.88.54
>
>Length:96 TOS:0x00 Protocol:UDP Service:Unknown
>Time:Nov  1 01:19:09 Direction: Unknown In:ppp0 Out: Port:11691
>Source:216.177.151.253 Destination:82.14.88.54
>
>Length:100 TOS:0x00 Protocol:UDP Service:Unknown
>Time:Nov  1 01:19:14 Direction: Unknown In:ppp0 Out: Port:11691
>Source:216.35.205.185 Destination:82.14.88.54
>
>Length:99 TOS:0x00 Protocol:UDP Service:Unknown
>Time:Nov  1 01:19:15 Direction: Unknown In:ppp0 Out: Port:11691
>Source:216.34.208.132 Destination:82.14.88.54
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.1 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFDZsNOKVEmauI7kD4RAs5cAKCIriBZqa2FS0bROm/aHH1HfVg9PACglq3W
>RL3YEm094rzk8WBY1NOQ4Dk=
>=TF4L
>-----END PGP SIGNATURE-----
Yikes, I'm probably wrong but I read that as 'you have a trojan trying to
call OUT on 11691' rather than one trying to get in?
Google shows results for "Checks for the presence Desktop Orbiter".
Look at
http://www.securityspace.com/smysecure/catid.html?id=11691

If you have a Windows PC on your network, is it trying to call home?

Or if it is inbound, is the source trying to find a PC with this program?

-- 
Wayne Morris
Machx 
T 01902 490554
F 01902 405353
M 07960 859346
W www.machx.co.uk
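
The inbound-or-outbound question raised above can be checked from the interface fields in the quoted records. The following Python parser is an added example, not part of the original post or of the firewall's own tooling; it assumes `In`/`Out` carry the same meaning as netfilter's `IN=`/`OUT=` log fields, and `parse`, `path` and `summarise` are names chosen here.

```python
import re

# The four records quoted in the post, with the ">" quote prefix removed.
SAMPLE = """\
Length:100 TOS:0x00 Protocol:UDP Service:Unknown
Time:Nov  1 01:19:07 Direction: Unknown In:ppp0 Out: Port:11691
Source:216.32.7.81 Destination:82.14.88.54
Length:96 TOS:0x00 Protocol:UDP Service:Unknown Time:Nov  1 01:19:09
Direction: Unknown In:ppp0 Out: Port:11691 Source:216.177.151.253
Destination:82.14.88.54
Length:100 TOS:0x00 Protocol:UDP Service:Unknown
Time:Nov  1 01:19:14 Direction: Unknown In:ppp0 Out: Port:11691
Source:216.35.205.185 Destination:82.14.88.54
Length:99 TOS:0x00 Protocol:UDP Service:Unknown
Time:Nov  1 01:19:15 Direction: Unknown In:ppp0 Out: Port:11691
Source:216.34.208.132 Destination:82.14.88.54
"""

KEYS = "Length|TOS|Protocol|Service|Time|Direction|In|Out|Port|Source|Destination"
# A value runs up to the next known key, so it may be empty or contain spaces.
FIELD = re.compile(rf"\b({KEYS}):\s*(.*?)\s*(?=\b(?:{KEYS}):|\Z)", re.S)

def parse(text):
    """Return one dict per record; a record starts at each 'Length:' key."""
    chunks = re.findall(r"Length:.*?(?=\bLength:|\Z)", text, re.S)
    return [dict(FIELD.findall(c)) for c in chunks]

def path(rec):
    """Classify a record by which interface fields are filled (assumed netfilter semantics)."""
    has_in, has_out = bool(rec.get("In")), bool(rec.get("Out"))
    if has_in and has_out:
        return "forwarded"
    if has_in:
        return "inbound-to-host"
    return "outbound-from-host" if has_out else "unknown"

def summarise(records):
    """Group by (path, protocol, port) and collect the distinct sources in each group."""
    groups = {}
    for r in records:
        key = (path(r), r.get("Protocol"), r.get("Port"))
        groups.setdefault(key, set()).add(r.get("Source"))
    return groups

if __name__ == "__main__":
    for (p, proto, port), sources in summarise(parse(SAMPLE)).items():
        print(f"{p} {proto}/{port}: {len(sources)} sources -> {sorted(sources)}")
```

Under that assumption, a record with `In` set and `Out` empty is a packet that arrived on `ppp0` addressed to the firewall host itself, and an outbound packet would show the reverse.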



