Of course the one machine on my network that runs Windows has to get a trojan. I don't
use the machine; it's primarily for my roomie and guest usage. It's running Win98. It's connected
to a hub, and when I am using my laptop in the living room, I connect to that hub. I noticed that
my LAN transfer speed was much worse than normal lately. I ran a packet sniffer on my OpenBSD
firewall and found the resulting log:
tcpdump log
It looks like it is trying to do a buffer overflow on DNS servers. I guess it's time for me to tighten
down my firewall and only let port 53 out for the two caching nameservers I have on my LAN.
Nothing seems out of whack in the process list on the Windows box, but it's been a long time
since I've really dug deep into Windows. My guess is that the trojan got on from an IE exploit.
I ran a virus check on it (housecall.antivirus.com) and the results were clean.