Is my machine compromised?


mehulved
02-03-2007, 04:47 AM
I was checking the logs of Firestarter when I saw a few programs I couldn't recognise. One of them was GateCrasher. Google doesn't give any info on that. The other program shown is Back Orifice, which, googling around told me, is a kind of trojan. Is this a false positive or has my machine been compromised?
I have attached the log of Firestarter. I have removed BitTorrent and unknown from the list.

EDIT - I disabled the BOINC client, and now I don't see Back Orifice. Do they use the same ports or something?
The services I see now are: BitTorrent, GateCrasher, NTP, pop3s, SSDP and unknown.
netstat shows pop3s is connecting to Google via Opera. So, that's safe. Azureus is running, so BitTorrent is also OK. Now, I got that SSDP is Simple Service Discovery Protocol, so that's safe. Is there any connection between SSDP and HAL?
Sheesh, GateCrasher is a protocol used in connection with BitTorrent. So, it seems a lot better now.

mehulved
02-03-2007, 09:33 AM
It's confirmed that it's the BOINC client using those ports. So, I guess it's all right, but can someone still confirm if it's just because of the ports or anything else?

kalpik
02-03-2007, 11:44 AM
Yeah.. it's just the BOINC client.. Nothing to be worried about.. :)

mediator
02-03-2007, 03:36 PM
^+1
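
The check this thread converges on, as an added example that is not part of the original posts: a port-based service label in a firewall log is confirmed or dismissed by looking up which local process actually holds that port. The firewall events and the `netstat -tunp` output below are constructed samples; the port numbers, PIDs and addresses are illustrative and are not taken from the attached log.

```python
# Constructed sample: (protocol, local port, service label shown by the firewall GUI).
FIREWALL_EVENTS = [
    ("udp", 31337, "Back Orifice"),
    ("tcp", 6969, "GateCrasher"),
    ("udp", 1900, "SSDP"),
    ("tcp", 4444, "Unknown"),
]

# Constructed sample of Linux `netstat -tunp` output (net-tools column layout).
NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.10:6969       203.0.113.7:51413       ESTABLISHED 4312/java
tcp        0      0 192.168.1.10:40112      198.51.100.20:995       ESTABLISHED 3977/opera
udp        0      0 0.0.0.0:31337           0.0.0.0:*                           2210/boinc_client
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           -
"""


def parse_netstat(text):
    """Map (proto, local_port) -> 'PID/Program' for every tcp/udp socket line."""
    owners = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip headers; udp rows have no State column, so 6 fields is the minimum.
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue
        proto = fields[0][:3]                    # tcp6/udp6 -> tcp/udp
        port = int(fields[3].rsplit(":", 1)[1])  # rsplit also handles IPv6 addresses
        owners[(proto, port)] = fields[-1]       # "-" means the owner was not visible
    return owners


def attribute(events, netstat_text):
    """Attach the owning process (if any) to each port-labelled firewall event."""
    owners = parse_netstat(netstat_text)
    report = []
    for proto, port, label in events:
        owner = owners.get((proto, port))
        if owner is None:
            verdict = "no local socket on this port"
        elif owner == "-":
            verdict = "socket exists, owner hidden (rerun netstat as root)"
        else:
            verdict = "held by " + owner
        report.append((label, proto, port, verdict))
    return report


if __name__ == "__main__":
    for label, proto, port, verdict in attribute(FIREWALL_EVENTS, NETSTAT):
        print(f"{label:<13} {proto}/{port:<6} {verdict}")
```

A label that resolves to a known program (here the constructed BOINC and Java entries) reflects a port coincidence; a label whose port is held by a process you cannot account for is the one to investigate.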