Re: UDP Port Sweep question
From: Tim (tim-forensics_at_sentinelchicken.org)
Date: 12/29/04
- Previous message: David Gillett: "RE: UDP Port Sweep question"
- In reply to: Billy Dodson: "RE: UDP Port Sweep question"
- Next in thread: Benjamin Franz: "RE: UDP Port Sweep question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Dec 2004 14:24:37 -0500 To: Billy Dodson <billy@pmm-i.com>
> Here is some more info regarding the port sweeps. The port the client
> is being hit on seems to vary. The client is being hit on the same 8
> port range from each IP port 33434-33460. All 3 sensors from the 3
> different clients show the same destination port range. The sensors are
> cisco IDS sensors and I am unsure as to how to get the actual packet
> from the event.
Looks like it might just bee traceroutes to me:
http://linux-ip.net/html/tools-traceroute.html
Do these companies have anyone monitoring their connectivity from the
outside?
tim
- Previous message: David Gillett: "RE: UDP Port Sweep question"
- In reply to: Billy Dodson: "RE: UDP Port Sweep question"
- Next in thread: Benjamin Franz: "RE: UDP Port Sweep question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
