RE: Security problem in installation IE sp1 ?: msg#00180 security.incidents
That host is in Korea (note the port 25 banner time is also in KST). APNIC only shows it as being owned by "Korea Network Information Center." Use fport to verify this is really being initiated by ie6setup.exe.

Strange... but remember, anything is possible.....

-----Original Message-----
From: Honza.K [mailto:honza.dforum@xxxxxxxxx]
Sent: Thursday, October 17, 2002 1:11 AM
To: bugtraq@xxxxxxxxxxxxxxxxx
Cc: incidents@xxxxxxxxxxxxxxxxx
Subject: Security problem in installation IE sp1 ?

Hello all

I found a very strange thing when I installed Internet Explorer SP1. I downloaded the ie6setup.exe install program from www.microsoft.com/downloads/. After downloading and starting this program, the install wizard started an automatic download. I looked at the firewall and ie6wzd.exe had an open connection to some server, 62.54.250.120. The download was slow and I didn't have time, so I stopped the automatic installation. That is OK. But the install program showed a message about canceling (you must wait several minutes .. bla bla).

I looked at my firewall again and found a very strange thing: the program ie6setup.exe had an open connection to IP 210.117.67.218 on port 8080 (probably some proxy). What is it? I ran a scan of this machine:

* + 210.117.67.218 [Unknown]
  |___ 23 Telnet
      |___ ........#..'..$
  |___ 25 Simple Mail Transfer
      |___ 220 icache8 ESMTP Sendmail 8.11.6+Sun/8.11.6; Thu, 17 Oct 2002 17:11:14 +0900 (KST)..
  |___ 80 World Wide Web HTTP
  |___ 111 SUN Remote Procedure Call
  |___ 1720 h323hostcall
  |___ 8080 Standard HTTP Proxy

This is a computer/server with OS Sun 5.7? Microsoft and SUN? This isn't possible.

Program no.  Name        Version  Protocol  Port
(100000)     portmapper  4        TCP       111
(100000)     portmapper  3        TCP       222
(100000)     portmapper  2        TCP       333
(100000)     portmapper  4        UDP       444
(100000)     portmapper  3        UDP       555
(100000)     portmapper  2        UDP       666
(100021)     nlockmgr    1        UDP       4045
(100021)     nlockmgr    2        UDP       4045
(100021)     nlockmgr    3        UDP       4045
(100021)     nlockmgr    4        UDP       4045
(100024)     status      1        UDP       32773
(100024)     status      1        TCP       32771
(100389)                 1        UDP       32773
(100389)                 1        TCP       32771
(100021)     nlockmgr    1        TCP       4045
(100021)     nlockmgr    2        TCP       4045
(100021)     nlockmgr    3        TCP       4045
(100021)     nlockmgr    4        TCP       4045

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com