AIX 5.2 local portscanner?
From: Tony Brown (tony.brown2_at_comcast.net)
Date: Tue, 11 Oct 2005 23:15:30 -0500
My network guys tell me that one of our local machines is sending out
port scans to a particular host. The "attacking" machine is AIX 5.2.
I have been tcpdumping for 2 days and have not seen anything
significant. I installed lsof and nothing is showing up. For clarity
I installed this and am monitoring on the "attacking" machine. Still
the port scans exist.
Does anyone know of a tool that will definitively tell me what process
is causing this?