Thursday, March 17, 2005

Strange?

I find a funny thing when I use Netcat: it opens a connection to 83.138.187.18
using the port that I define in the netcat listening options, for example: 333.
Even when I change the port number, it still happens?

What does it mean?
I have not tested it yet on Windows or another PC.

I use it on my box (Fedora Core 1) with Wine, with Netcat 1.10 for NT - nc11nt.zip

[y3dips@y3dips netcat]$ wine nc.exe L 333
Could not stat /mnt/floppy (No such file or directory), ignoring drive A:

[y3dips@y3dips y3dips]$ netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.9:32780 216.155.193.183:5050 ESTABLISHED
tcp 0 1 192.168.1.9:34217 83.138.187.18:333 SYN_SENT

[y3dips@y3dips y3dips]$ ping ultimatesearch.com
PING ultimatesearch.com (83.138.187.18) 56(84) bytes of data.
64 bytes from 83.138.187.18: icmp_seq=0 ttl=52 time=1319 ms

Even when I change to another port:

[y3dips@y3dips netcat]$ wine nc.exe lvvp 8888
Could not stat /mnt/floppy (No such file or directory), ignoring drive A:

[y3dips@y3dips y3dips]$ netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 1 192.168.1.9:34278 83.138.187.18:8888 SYN_SENT

Is it a backdoor?
The funny thing is why it connects to http://ultimatesearch.com

Any comments or suggestions?
Maybe I use a wrong netcat on my Linux box with Wine.

BTW, after that I downloaded netcat from sf.net
and I checked the md5.
After that I ran it again and it works.
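
An added example, not part of the original post: a small Python check that takes `netstat -tan` output plus the port a tool was asked to listen on, and reports whether a LISTEN socket exists on that port and which remote hosts are being dialed on it instead. The function names are hypothetical; the first two captures are rows copied from the post, the third is constructed for contrast.

```python
# Added example: audit `netstat -tan` output for a port that should be listening.
OUTBOUND_STATES = {"SYN_SENT", "ESTABLISHED"}

# Rows taken from the two netstat captures in the post.
CAPTURE_333 = """\
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.9:32780 216.155.193.183:5050 ESTABLISHED
tcp 0 1 192.168.1.9:34217 83.138.187.18:333 SYN_SENT
"""
CAPTURE_8888 = """\
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 1 192.168.1.9:34278 83.138.187.18:8888 SYN_SENT
"""
# Constructed sample: what a working listener on port 333 would look like.
CAPTURE_HEALTHY = """\
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:333 0.0.0.0:* LISTEN
"""


def parse_netstat(text):
    """Yield (local_port, foreign_addr, foreign_port, state) per tcp row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip banner and column-header lines
        local, foreign, state = fields[3], fields[4], fields[5]
        local_port = local.rsplit(":", 1)[1]
        foreign_addr, foreign_port = foreign.rsplit(":", 1)
        yield local_port, foreign_addr, foreign_port, state


def audit_listener(text, port):
    """Report whether `port` is listening and who is dialed on it instead."""
    port = str(port)
    rows = list(parse_netstat(text))
    listening = any(lp == port and st == "LISTEN" for lp, _, _, st in rows)
    outbound = sorted({fa for _, fa, fp, st in rows
                       if fp == port and st in OUTBOUND_STATES})
    return {"listening": listening, "outbound_to": outbound}


if __name__ == "__main__":
    for name, cap, port in [("333", CAPTURE_333, 333),
                            ("8888", CAPTURE_8888, 8888),
                            ("healthy", CAPTURE_HEALTHY, 333)]:
        print(name, audit_listener(cap, port))
```

A result with `listening` false and a non-empty `outbound_to` matches the symptom in both captures above: the requested port shows up as the remote port of an outgoing connection, not as a local listener.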
