
Security problem - telnet connections

Posted: 2003-06-07 04:37pm
by Crayz9000
I've been noticing some outgoing Telnet connections to mail.traininghott.com lately, but I don't know what's sending them. I took a packet dump of one of the offending packets, which is here (in libpcap format, can be read with Ethereal).

Have any of you heard of anything like this before?

By the way, the mail server is running MS Exchange. And for the moment, I've blocked port 23 at my Linux firewall, so it can still try and send packets but won't have any success.
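One way to go through a libpcap dump like the one mentioned above and pull out only the outbound telnet attempts, as an added example that is not code from this thread: the script parses the pcap record by record, keeps IPv4/TCP frames, and reports SYN-only segments (the client side of a new connection, so the server's SYN/ACK replies are not double-counted) from the local subnet to port 23. The capture it reads is constructed inline so it runs offline; the 192.168.1.0/24 subnet and the 10.0.0.x addresses are placeholders, not the addresses of any host named in the thread.

```python
"""Scan a libpcap capture for outbound TCP SYNs to port 23 (telnet).

Added example, not code from the thread. The capture is constructed inline
(see build_sample_pcap); every address in it is a placeholder.
"""
import struct
import ipaddress
from typing import Dict, Iterator, List, Optional, Tuple

TELNET_PORT = 23
TCP_SYN, TCP_ACK = 0x02, 0x10


def parse_pcap(data: bytes) -> Iterator[Tuple[float, bytes]]:
    """Yield (timestamp, frame_bytes) for each record of a libpcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"           # file written little-endian
    elif magic == 0xD4C3B2A1:
        endian = ">"           # file written big-endian
    else:
        raise ValueError("not a libpcap file (bad magic)")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != 1:          # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def tcp_fields(frame: bytes) -> Optional[Tuple]:
    """Return (src_ip, src_port, dst_ip, dst_port, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None            # not IPv4 (e.g. an ARP frame)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4   # IPv4 header length in bytes
    if len(ip) < ihl or ip[9] != 6:
        return None            # truncated, or not TCP
    src_ip = ipaddress.ip_address(ip[12:16])
    dst_ip = ipaddress.ip_address(ip[16:20])
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return None
    src_port, dst_port, _, _, off_flags = struct.unpack("!HHIIH", tcp[:14])
    return src_ip, src_port, dst_ip, dst_port, off_flags & 0x1FF


def find_outbound_telnet(data: bytes, local_net: str) -> List[Dict]:
    """List SYN-only segments from local_net to port 23: new outbound telnet attempts."""
    net = ipaddress.ip_network(local_net)
    hits = []
    for ts, frame in parse_pcap(data):
        fields = tcp_fields(frame)
        if fields is None:
            continue
        src_ip, src_port, dst_ip, dst_port, flags = fields
        if (src_ip in net and dst_ip not in net and dst_port == TELNET_PORT
                and flags & TCP_SYN and not flags & TCP_ACK):
            hits.append({"ts": ts, "src": str(src_ip), "sport": src_port, "dst": str(dst_ip)})
    return hits


def summarize(hits: List[Dict]) -> Dict[Tuple[str, str], int]:
    """Count connection attempts per (source, destination) pair."""
    counts: Dict[Tuple[str, str], int] = {}
    for h in hits:
        key = (h["src"], h["dst"])
        counts[key] = counts.get(key, 0) + 1
    return counts


def _frame(src: str, sport: int, dst: str, dport: int, flags: int) -> bytes:
    """Build a minimal Ethernet/IPv4/TCP frame (constructed test data, checksums left at 0)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + struct.pack("!H", 0x0800) + ip + tcp


def build_sample_pcap() -> bytes:
    """Constructed capture: two telnet SYNs out, one SYN/ACK back, one HTTP SYN, one ARP frame."""
    frames = [
        (1055000000, _frame("192.168.1.10", 1034, "10.0.0.5", 23, TCP_SYN)),
        (1055000000, _frame("10.0.0.5", 23, "192.168.1.10", 1034, TCP_SYN | TCP_ACK)),
        (1055000010, _frame("192.168.1.10", 1035, "10.0.0.9", 80, TCP_SYN)),
        (1055000020, b"\xff" * 6 + b"\x00" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 28),
        (1055000030, _frame("192.168.1.10", 1036, "10.0.0.5", 23, TCP_SYN)),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    found = find_outbound_telnet(build_sample_pcap(), "192.168.1.0/24")
    for h in found:
        print(f"{h['ts']:.0f} {h['src']}:{h['sport']} -> {h['dst']}:23 SYN")
    for (src, dst), n in summarize(found).items():
        print(f"{src} -> {dst}: {n} attempt(s)")
```

To run it against a real dump, replace `build_sample_pcap()` with the file's bytes (`open(path, "rb").read()`) and pass your own subnet. The per-pair count is the useful part for a case like this one: timestamps that recur at a fixed interval point to a scheduled task or service rather than a one-off, which narrows down what to look for in the process list on the Windows 2000 box.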

Posted: 2003-06-08 01:35am
by Faram
Run a virus scanner asap and then run a spyware checker.

Unknown outgoing connections IS a BAD thing.

Posted: 2003-06-08 01:37am
by Crayz9000
I've had NAV running, constantly updated, and no beef. AdAware 6 is installed, and a scan only turned up a couple of Internet Explorer cookies that I forgot to get rid of.

Still no clue.

Posted: 2003-06-08 02:15am
by TrailerParkJawa
Crayz9000 wrote: I've had NAV running, constantly updated, and no beef. AdAware 6 is installed, and a scan only turned up a couple of Internet Explorer cookies that I forgot to get rid of.

Still no clue.
It's possible you have a trojan that NAV can't detect. Have you looked at your processes to see if something you don't recognize is running? Since this is Exchange, are you up to date with Service Packs, hotfixes, and critical updates?

Posted: 2003-06-08 02:21am
by Crayz9000
Do you think I'd be stupid enough to run MS Exchange? :P I detected an outgoing telnet connection to a MS Exchange server located at mail.traininghott.com.

Posted: 2003-06-08 11:24am
by TrailerParkJawa
Crayz9000 wrote: Do you think I'd be stupid enough to run MS Exchange? :P I detected an outgoing telnet connection to a MS Exchange server located at mail.traininghott.com.
Hehe, that wasn't clear from your post. Not to me anyway. Is the machine with the outbounds Linux too?

Posted: 2003-06-08 11:59am
by Crayz9000
TrailerParkJawa wrote: Hehe, that wasn't clear from your post. Not to me anyway. Is the machine with the outbounds Linux too?
No, it's Windows 2000.

Oddly enough, since I restarted my computer I haven't had any more connections... :? I'll leave the packet sniffer running while I'm gone, though, and see what turns up.