PDA

View Full Version : BLACKICE TCP Port Probes



Daniel-Man
11-07-2002, 05:57 AM
Hi,
I have blackICE 3.5 and have occasionall hackers hacking but tonight there were 159 and still counting! from

IP: 142.165.156.6
DNS: hsdb-nbfr-156-6.sasknet.sk.ca

they were attempting to hack on port 1576 I think.

What do these Port 1576 hacks mean??

Also a file (windows/system/wcrtudp.exe) kept coming up as being loading by my BlackICE software. Is this a hacker hacking through UDP or something?

Ghost_Hacker
11-07-2002, 08:06 AM
Does Blackice tell you what port "wcrtudp.exe" was trying to open? THe program name doesn't show up in Google or any other references I know of. Still it's possible that the file is part of some legitimately installed software on your computer.


1576 is not a port used by anything major. (It's used by a license manger that I doubt you have running on your computer) However, without a packet capture it will be hard to find out just what the connection attempt was all about.

If you have a hex editor you might try opening the "wcrtudp" file up and looking for text strings within it.(this can sometimes give you a clue as to what the program does.)



Hope this helps :)

mjc
11-07-2002, 10:35 AM
What port were they trying to connect to and what OS are you running?

Jiggy
11-07-2002, 06:19 PM
take a look at this (http://www.iss.net/security_center/advice/Exploits/Ports/default.htm) site, it mite help.

also if you open Blackice go to Events, bottom right corner theres a link to Advice, if you click on an intruder then that link it will tell you more.