I find a funny thing when i use Netcat , it open connection to 83.138.187.18
using port that i define in netcat options listening for example : 333
even i change the port number but it still happen ?
what does it means ?
im not testing it yet on windows or another PC
I use it on my box (fedora core 1) with Wine with Netcat 1.10 for NT - nc11nt.zip
[y3dips@y3dips netcat]$ wine nc.exe L 333
Could not stat /mnt/floppy (No such file or directory), ignoring drive A:
[y3dips@y3dips y3dips]$ netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.9:32780 216.155.193.183:5050 ESTABLISHED
tcp 0 1 192.168.1.9:34217 83.138.187.18:333 SYN_SENT
[y3dips@y3dips y3dips]$ ping ultimatesearch.com
PING ultimatesearch.com (83.138.187.18) 56(84) bytes of data.
64 bytes from 83.138.187.18: icmp_seq=0 ttl=52 time=1319 ms
even when i change to another port
[y3dips@y3dips netcat]$ wine nc.exe lvvp 8888
Could not stat /mnt/floppy (No such file or directory), ignoring drive A:
[y3dips@y3dips y3dips]$ netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 1 192.168.1.9:34278 83.138.187.18:8888 SYN_SENT
is it backdoor ?
the funny things is why it connect to http://ultimatesearch.com
any comment or suggestion ?
maybe i use a wrong netcat on my linux box with wine
btw, after that i download netcate from sf.net
n i cek the md5
after that i run it again n it workz
No comments:
Post a Comment