Incidents
Re: Thousands of attempts to port 35825 and 11090 Dec 05 2006 05:05PM
bucklerk dsainc com
I couldn't find anything on these ports either. It's possible they're used by a trojan program.

First scan all your machines behind your router for these open ports. It's possible one of your machines has been infected with a trojan, "phoned home", and now the attacker is trying to gain access.
Just to be safe, run a full virus scan and adware/malware scan or your machines.

If these scans come up negative, and you don't have the ports open on any of your machines, then you're probably safe.

How often do these connection attempts occur?

It's most likely an automated process, possibly scanning your entire IP block for infected machines.

------------------------------------------------------------------------
------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com
------------------------------------------------------------------------
------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus