Hi Lenvda,
Port 443 is secure HTTP (SSL) aka https
Port 2283 is ...
2283 tcp HVLRat5 [trojan] HVL Rat5
2283 tcp HvlRAT [trojan] Hvl RAT
2283 tcp lnvstatus LNVSTATUS
2283 udp lnvstatus LNVSTATUS
Details of the RAT 5 Trojan can be found here
http://www.xploiter.com/security/rat.htmlAn nslookup of 65.54.230.248 returns the domain nexus.pasport.com
>65.54.230.248
Server: 192.168.1.2
Address: 192.168.1.2#53
Non-authoritative answer:
248.230.54.65.in-addr.arpa name = nexus.passport.com.
Authoritative answers can be found from:
230.54.65.in-addr.arpa nameserver = ns2.hotmail.com.
230.54.65.in-addr.arpa nameserver = ns3.hotmail.com.
230.54.65.in-addr.arpa nameserver = ns4.hotmail.com.
230.54.65.in-addr.arpa nameserver = ns1.hotmail.com.
ns1.hotmail.com internet address = 216.200.206.140
ns2.hotmail.com internet address = 216.200.206.139
ns3.hotmail.com internet address = 209.185.130.68
ns4.hotmail.com internet address = 64.4.29.24
A whois of the domain name returns no results
[sime@ns sime]$ whois nexus.passport.com
[whois.crsnic.net]
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to
http://www.internic.netfor detailed information.
No match for "NEXUS.PASSPORT.COM".
From what I have gleaned here I would suggest you block port 2283 with your firewall or if you are running an ADSL or CABLE Router / Modem set up an ACL or equivalent.
In general terms it would appear that a trojan called RAT was having a go at your box. Run a virus scanner and make sure the above port is shut on your firewall. Make sure you have a read of the site above and have a look see if you can find any other info about the trojan else where on the net.
Hope this helps
Later
Sime