Re: [fw-wiz] [OT] tcpdump parsing
From: Paul Robertson (proberts_at_patriot.net)
Date: 10/09/03
- Previous message: James Hunter: "Re: [fw-wiz] Real World PIX 535 Performance"
- In reply to: Damian Gerow: "Re: [fw-wiz] [OT] tcpdump parsing"
- Next in thread: Damian Gerow: "[fw-wiz] Spamming, 'hidden' mail server"
- Reply: Damian Gerow: "[fw-wiz] Spamming, 'hidden' mail server"
- Reply: Damian Gerow: "Re: [fw-wiz] [OT] tcpdump parsing"
- Reply: hermit921: "Re: [fw-wiz] [OT] tcpdump parsing"
- Reply: Damian Gerow: "[fw-wiz] Spamming, 'hidden' mail server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Damian Gerow <damian@sentex.net>
Date: Wed, 8 Oct 2003 18:29:03 -0400 (EDT)
On Wed, 8 Oct 2003, Damian Gerow wrote:
> I've done some other digging, and have found out that about 99% of my dump
> is between ports 25 and 32101. Now I just have to figure out why/how people
> are connecting to 32101, as a full port scan of the computer has turned up
> nothing but the standard Windows ports listening, three different times.
You might want to look at the IE bugs that have recently been exploited,
assuming the machines are Win* based. Checking browser caches and
histories may yield useful stuff, as will looking for mapped drive shares
(most Win* worms these days will do the share thing if they can.)
> Since this has moved far and beyond the scope of the list, I'll refrain from
> posting anything else.
No fair, we wanna know what it was!
Paul
-----------------------------------------------------------------------------
Paul D. Robertson
proberts@patriot.net
probertson@trusecure.com
Director of Risk Assessment, TruSecure Corporation
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards