Hi all,
Having conducted some quick network scans, I've identified that TCP 12345 is open on several of my computers. Conducting a few further tests shows that it is listening on 0.0.0.0 and is listed against a system process.
TCP 12345 is commonly used by script-kiddies when playing around with various trojan client/server packages (netbus, Sub7, and their multitude of spin offs).
My question is this... attached to the system process, what can I do to establish provenance of the potentially malicious software?
(I am aware that TCPport 12345 is used by some anti-virus suites, but none of these are present on the workstations in question.).
Thanks!
Having conducted some quick network scans, I've identified that TCP 12345 is open on several of my computers. Conducting a few further tests shows that it is listening on 0.0.0.0 and is listed against a system process.
TCP 12345 is commonly used by script-kiddies when playing around with various trojan client/server packages (netbus, Sub7, and their multitude of spin offs).
My question is this... attached to the system process, what can I do to establish provenance of the potentially malicious software?
(I am aware that TCPport 12345 is used by some anti-virus suites, but none of these are present on the workstations in question.).
Thanks!
