Re: [Mldonkey-users] netbus/subseven traffic from mldonkey?
From: Steffen Solyga
Subject: Re: [Mldonkey-users] netbus/subseven traffic from mldonkey?
Date: Wed, 20 Nov 2002 01:40:34 +0100
User-agent: Mutt/1.4i

Citing Robert (Tuesday, 2002/11/19 18:54)...
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
> tcp 0 1 MY-ADDRESS:35447 211.101.179.254:1234 SYN_SENT 2307/mldonkey
>
> time:Nov 19 17:48:03 in: out:eth0 port:1234 source:MY-ADDRESS
> dest:211.101.179.254 len:44 tos:0x00 protocol:tcp service:subseven
> time:Nov 19 17:47:13 in: out:eth0 port:12345 source:MY-ADDRESS
> dest:216.40.249.38 len:44 tos:0x00 protocol:tcp service:netbus
Don't know about your /etc/services; check

    grep subseven /etc/services
    grep netbus /etc/services

for the tcp port numbers. I think you're just connected to
eDonkey servers or clients listening on unusual ports.
Or the mldonkey website has been hacked and a trojan found
its way into the mldonkey code? :-) Don't believe that, however.
$ telnet 211.101.179.254 1234
Trying 211.101.179.254...
telnet: Unable to connect to remote host: Connection timed out
:-(
--
--------------------------------------------
Steffen Solyga
mail: address@hidden
www : http://www-tet.ee.TU-Berlin.DE/solyga/
--------------------------------------------
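
Added example, not part of the original message or of mldonkey: a small triage script that joins the quoted firewall records to the quoted netstat row, so each "service" label is shown next to the local process that owns the socket. It assumes the firewall derives the label from the destination port alone, as the reply suggests; the function names are hypothetical, and the input is copied from the output quoted in this thread.

```python
import re

# Input copied from the netstat and firewall output quoted in this thread
# (the two-line log records are joined back into one line each).
FIREWALL_LOG = """\
time:Nov 19 17:48:03 in: out:eth0 port:1234 source:MY-ADDRESS dest:211.101.179.254 len:44 tos:0x00 protocol:tcp service:subseven
time:Nov 19 17:47:13 in: out:eth0 port:12345 source:MY-ADDRESS dest:216.40.249.38 len:44 tos:0x00 protocol:tcp service:netbus
"""
NETSTAT = "tcp 0 1 MY-ADDRESS:35447 211.101.179.254:1234 SYN_SENT 2307/mldonkey\n"

# Split only on known keys so the colons inside the timestamp are left alone.
FIELD = re.compile(r"(?:^|\s)(time|in|out|port|source|dest|len|tos|protocol|service):")

def parse_log_line(line):
    """Turn one 'key:value key:value ...' firewall record into a dict."""
    parts = FIELD.split(line.strip())[1:]          # [key, value, key, value, ...]
    return {k: v.strip() for k, v in zip(parts[0::2], parts[1::2])}

def parse_netstat(text):
    """Map (remote_ip, remote_port) -> (state, 'pid/program') for tcp rows."""
    owners = {}
    for row in text.splitlines():
        f = row.split()
        if len(f) < 7 or not f[0].startswith("tcp"):
            continue                                # header or non-tcp row
        ip, _, port = f[4].rpartition(":")
        if port.isdigit():                          # skip listeners ("0.0.0.0:*")
            owners[(ip, int(port))] = (f[5], f[6])
    return owners

def triage(log_text, netstat_text):
    """Attach the owning local process, if known, to each labelled log record."""
    owners = parse_netstat(netstat_text)
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_log_line(line)
        state, owner = owners.get((rec["dest"], int(rec["port"])), (None, None))
        findings.append({
            "label": rec["service"],                # assumed: name tied to the port
            "dest": rec["dest"], "port": int(rec["port"]),
            "outbound": rec["in"] == "" and rec["out"] != "",
            "state": state, "owner": owner,         # None: no socket row captured
        })
    return findings

if __name__ == "__main__":
    for f in triage(FIREWALL_LOG, NETSTAT):
        print(f)
```

The second record comes back with owner None because the quoted netstat output has no row for 216.40.249.38:12345; attributing it needs a socket listing taken while that connection attempt is live.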