| Subject: | Trojan on my system ?? |
|---|---|
| Date: | 24 Oct 2005 16:03:53 -0000 |
Hi all,
Could it be that I have a trojan on my system? If yes, how could I find out?
rkhunter and chkrootkit found nothing unusual.
This is what snort sent to me:
Events between 10 23 15:45:53 and 10 23 21:20:59
Total events: 11
Signatures recorded: 3
Source IP recorded: 1
Destination IP recorded: 4
Events from same host to same destination using same method
=========================================================================
# of from to method
=========================================================================
3 192.168.1.10 62.245.157.232 (http_inspect) IIS UNICODE CODEPOINT ENCODING
2 192.168.1.10 194.129.79.8 (portscan) TCP Portsweep
2 192.168.1.10 194.129.79.8 (portscan) TCP Portscan
2 192.168.1.10 216.113.178.120 (portscan) TCP Portsweep
Percentage and number of events from a host to a destination
============================================================
% # of from to
============================================================
36.36 4 192.168.1.10 194.129.79.8
27.27 3 192.168.1.10 62.245.157.232
18.18 2 192.168.1.10 216.113.178.120
18.18 2 192.168.1.10 66.135.192.85
Percentage and number of events from one host to any with same method
==============================================================
% # of from method
==============================================================
45.45 5 192.168.1.10 (portscan) TCP Portsweep
27.27 3 192.168.1.10 (http_inspect) IIS UNICODE CODEPOINT ENCODING
27.27 3 192.168.1.10 (portscan) TCP Portscan
Percentage and number of events to one certain host
=================================================================
% # of to method
=================================================================
27.27 3 62.245.157.232 (http_inspect) IIS UNICODE CODEPOINT ENCODING
18.18 2 194.129.79.8 (portscan) TCP Portscan
18.18 2 194.129.79.8 (portscan) TCP Portsweep
18.18 2 216.113.178.120 (portscan) TCP Portsweep
The distribution of event methods
===============================================
% # of method
===============================================
45.45 5 (portscan) TCP Portsweep
2 192.168.1.10 -> 194.129.79.8
2 192.168.1.10 -> 216.113.178.120
1 192.168.1.10 -> 66.135.192.85
27.27 3 (http_inspect) IIS UNICODE CODEPOINT ENCODING
3 192.168.1.10 -> 62.245.157.232
27.27 3 (portscan) TCP Portscan
2 192.168.1.10 -> 194.129.79.8
1 192.168.1.10 -> 66.135.192.85
It seems that I do attacks to the web. Or does someone redirect some services
from me?
Any clue is welcome!
Best regards
Hans