Joined: 20 February 2008
Location: United States
Posted: 02 December 2011 at 3:59am
Reviewing my firewall logs, I see one server flagged with Back Orifice traffic as it is contacting hosts from local port 28797 to remote port 31337. The connections are random. Is it possible to set up TCPView to trap or save when a certain connection is made instead of watching TCPView and waiting for these connections?
Captured a pcap file for network traffic, but there is no associated process to be gleaned from the packet capture. Trying to determine if this is a false positive, or something legitimate.
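
One way to record the owning process for these connections without watching TCPView, as an added example that is not part of the original post: a PowerShell loop that polls the TCP table for remote port 31337 and logs each new match with its process. It assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`) and an elevated prompt; the log path and polling interval are hypothetical choices.

```powershell
# Added example: poll the TCP table and log the process behind any
# connection to the remote port flagged in the firewall log.
$RemotePort = 31337                              # remote port from the post
$LogPath    = Join-Path $env:TEMP 'port-watch.csv'   # hypothetical output file
$IntervalMs = 250                                # assumed polling interval
$seen       = @{}                                # connections already logged

while ($true) {
    # Returns nothing (and no error output) when no connection matches
    $conns = Get-NetTCPConnection -RemotePort $RemotePort -ErrorAction SilentlyContinue

    foreach ($c in $conns) {
        # De-duplicate on the full 4-tuple plus owning PID
        $key = '{0}:{1}>{2}:{3}/{4}' -f $c.LocalAddress, $c.LocalPort,
                                        $c.RemoteAddress, $c.RemotePort, $c.OwningProcess
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # The process may already have exited; the PID is still recorded
        $p = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Time          = (Get-Date).ToString('o')
            LocalAddress  = $c.LocalAddress
            LocalPort     = $c.LocalPort
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            State         = $c.State
            ProcessId     = $c.OwningProcess
            ProcessName   = $p.ProcessName
            ProcessPath   = $p.Path
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }

    Start-Sleep -Milliseconds $IntervalMs
}
```

Polling can miss connections that open and close between two samples, so an empty log does not by itself show the traffic is a false positive.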