Re: [fw-wiz] [OT] tcpdump parsing

From: Paul Robertson (proberts_at_patriot.net)
Date: 10/09/03

  • Next message: Damian Gerow: "Mail server security (Was: Re: [fw-wiz] [OT] tcpdump parsing)"
    To: Damian Gerow <damian@sentex.net>
    Date: Wed, 8 Oct 2003 18:29:03 -0400 (EDT)
    
    

    On Wed, 8 Oct 2003, Damian Gerow wrote:

    > I've done some other digging, and have found out that about 99% of my dump
    > is between ports 25 and 32101. Now I just have to figure out why/how people
    > are connecting to 32101, as a full port scan of the computer has turned up
    > nothing but the standard Windows ports listening, three different times.

    You might want to look at the IE bugs that have recently been exploited,
    assuming the machines are Win* based. Checking browser caches and
    histories may yield useful stuff, as will looking for mapped drive shares
    (most Win* worms these days will do the share thing if they can.)

    > Since this has moved far and beyond the scope of the list, I'll refrain from
    > posting anything else.

    No fair, we wanna know what it was!

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    proberts@patriot.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
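
An added example, not part of the original message or thread: a small Python parser for `tcpdump -nn` text output that tallies packets per port pair and records which endpoint sent the initial SYN, which separates a listening service from a port that is only the source of outbound connections. The sample lines and addresses are constructed, and the regex is an assumption that covers IPv4 TCP lines only.

```python
import re
from collections import Counter

# Matches TCP lines from `tcpdump -nn` text output, IPv4 only. Handles the
# current "Flags [S]" form and the older bare-flag form ("S 1:1(0) win ...").
LINE = re.compile(
    r"^\S+ (?:IP )?(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
    r"(?:Flags \[([^\]]*)\]|([SFPRWE.]+) )"
)

def summarize(lines):
    """Return (port_pairs, initiators).

    port_pairs: Counter of unordered (low_port, high_port) -> packet count.
    initiators: Counter of (src_ip, src_port, dst_port) for initial SYNs
                (SYN set, ACK clear): who opened the connection and which
                port they were aiming at.
    """
    pairs, initiators = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # non-TCP or unparsed line
        src, sport, dport = m.group(1), int(m.group(2)), int(m.group(4))
        flags = m.group(5) if m.group(5) is not None else m.group(6)
        pairs[tuple(sorted((sport, dport)))] += 1
        # New format marks ACK as "." in the flags; old format prints " ack ".
        if "S" in flags and "." not in flags and " ack " not in line:
            initiators[(src, sport, dport)] += 1
    return pairs, initiators

# Constructed sample lines (documentation addresses), not data from the thread.
SAMPLE = """\
18:29:03.000001 IP 192.0.2.10.32101 > 198.51.100.5.25: Flags [S], seq 100, win 65535, length 0
18:29:03.000900 IP 198.51.100.5.25 > 192.0.2.10.32101: Flags [S.], seq 500, ack 101, win 5840, length 0
18:29:03.001000 IP 192.0.2.10.32101 > 198.51.100.5.25: Flags [.], ack 501, win 65535, length 0
18:29:03.200000 IP 192.0.2.10.32101 > 198.51.100.5.25: Flags [P.], seq 101:130, ack 501, win 65535, length 29
18:29:04.000000 203.0.113.7.4021 > 192.0.2.10.445: S 900:900(0) win 16384
18:29:04.000500 192.0.2.10.445 > 203.0.113.7.4021: S 77:77(0) ack 901 win 17520
18:29:05.000000 IP 192.0.2.10.137 > 192.0.2.255.137: UDP, length 50
""".splitlines()

if __name__ == "__main__":
    pairs, initiators = summarize(SAMPLE)
    for (a, b), n in pairs.most_common():
        print(f"ports {a}<->{b}: {n} packets")
    for (src, sport, dport), n in initiators.most_common():
        print(f"{src} opened from port {sport} to port {dport} ({n} SYN)")
```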

