AIX 5.2 local portscanner?

From: Tony Brown (tony.brown2_at_comcast.net)
Date: 10/12/05

  • Next message: Lassi Hippeläinen: "Re: Wireless security"
    Date: Tue, 11 Oct 2005 23:15:30 -0500
    
    

    My network guys tell me that one of our local machines is sending out
    port scans to a particular host. The "attacking" machine is AIX 5.2.
    I have been tcpdumping for 2 days and have not seen anything
    significant. I installed lsof and nothing is showing up. For clarity
    I installed this and am monitoring on the "attacking" machine. Still
    the port scans exist.

    Does anyone know of a tool that will definitively tell me what process
    is causing this?

    TIA,
    T.


  • Next message: Lassi Hippeläinen: "Re: Wireless security"

    Relevant Pages

    • Re: General Quarters Ringtone
      ... aboard base we spend weeks showing how salty we are by using all the ... Cessna 172 attacking from that quarter was likely to be highly ... deck and enter the water uncomfortably close aboard to Port. ... be spending a weekend scanning pics, some of which will be posted on ...
      (sci.military.naval)
    • Re: General Quarters Ringtone
      ... aboard base we spend weeks showing how salty we are by using all the ... Cessna 172 attacking from that quarter was likely to be highly successful. ... deck and enter the water uncomfortably close aboard to Port. ... be spending a weekend scanning pics, some of which will be posted on ...
      (sci.military.naval)
    • Re: General Quarters Ringtone
      ... aboard base we spend weeks showing how salty we are by using all the ... Cessna 172 attacking from that quarter was likely to be highly ... deck and enter the water uncomfortably close aboard to Port. ... be spending a weekend scanning pics, some of which will be posted on ...
      (sci.military.naval)
    • Re: dodging SSH-bullets?
      ... >> attacking a host extremely minimal, only an extreme concerted effort by ... numbered port helps avoid the router blocks put in for blocking low-numbered ... stateful firewalls can do this now, and I suspect you'd wind up ... > As an extreme example of waving the Estimated Statistic Wand, ...
      (comp.os.linux.security)
    • Re: "Bugbear" virus in Linux?
      ... Sure I could limit the logging. ... I already cut out logging all the pings ... I like to see who is attacking me and how they are doing it so ... is outsiders trying to access my Microsoft server (the one on port 445, ...
      (comp.os.linux.misc)