TCP 193.xxx.xxx.30:3180 205.xxx.xxx.204:5190 ESTABLISHED
my ip xxxxxxxxxxxxxxxxx ... xxxxxxxxxxxxxxxxx his ip

my ip is temporary, dialup, so i dont minde disclosuring it, but for his i dont know, on full port scan only 25 and 110 were open.... (from 1 to 10000)

thats from netstat /an

then i started packetmon, to see what data is transmitted, but it wasn't anything understandable...
and most of those packets had only headers, but nothing in body.

teach me, what should i do to get more info, what that could be? perhapse some spyware? or some trojan?


p.s. i hope ip disclosuring wont bother admins... for mine its no problem... i use dialup...

Topic Edited by OneNight: Yeah, no ips please, not even your one. Thx.

Do you have icq ? Because ICQ connect outbound to the icq server on Port 5190 . So you can't see the port in a scan cause ICQ don't listen on that port . But a connection to this port was made ....

rofl ..

well, by the output of netstat u gave, u aint hacked...

like sunny mentioned, a connection with a remote host on port 5190, is 99,9% an ICQ server connection...

25 and 110 . .gheheheheh, well..99,9% ESMTP and POP3 ..(mail related protocols).. so nothing wrong with that ..

peace