AIX 5.2 local portscanner?

From: Tony Brown (tony.brown2_at_comcast.net)
Date: 10/12/05

  • Next message: Lassi Hippeläinen: "Re: Wireless security"
    Date: Tue, 11 Oct 2005 23:15:30 -0500
    
    

    My network guys tell me that one of our local machines is sending out
    port scans to a particular host. The "attacking" machine is AIX 5.2.
    I have been tcpdumping for 2 days and have not seen anything
    significant. I installed lsof and nothing is showing up. For clarity
    I installed this and am monitoring on the "attacking" machine. Still
    the port scans exist.

    Does anyone know of a tool that will definitively tell me what process
    is causing this?

    TIA,
    T.


  • Next message: Lassi Hippeläinen: "Re: Wireless security"