Re: Scanning tool?

From: Keith W. McCammon (km_at_km.com)
Date: 05/05/04


Date: Wed, 5 May 2004 09:11:00 -0400

IDS and firewall logs are useful. In general, on a given network, it's
trivial to determine the legitimate SMTP servers. From there, mining logs
for systems from client segments and such that are sending outbound mail is
a simple way to achieve this end.

"Larry" <res0jhe3@verizonDOTnet> wrote in message
news:uTX8XypMEHA.1556@TK2MSFTNGP10.phx.gbl...
> I wanted to ask everyone in the group what they are using to track trends
> caused by for example the Sasser worm. Is anyone using a tool that can track
> machines that are trying to spam segments of a network or at least could
> send notifications of a pattern?
>
> TIA...
>
>
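
The log-mining approach described in the reply above, sketched as an added example that is not part of the original thread. The iptables-LOG-style line format, the addresses, the client segment and the alert threshold are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from the thread): log format, addresses and threshold
# are constructed for illustration only.
SMTP_SERVERS = {ipaddress.ip_address("10.0.0.25")}       # known legitimate relays
CLIENT_SEGMENTS = [ipaddress.ip_network("10.1.0.0/16")]  # workstation ranges
MIN_DISTINCT_DESTS = 3                                   # alert threshold

# Constructed sample firewall log lines.
SAMPLE_LOG = """\
May  5 09:01:10 fw kernel: OUT SRC=10.1.4.17 DST=192.0.2.10 PROTO=TCP SPT=1044 DPT=25
May  5 09:01:11 fw kernel: OUT SRC=10.1.4.17 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=25
May  5 09:01:12 fw kernel: OUT SRC=10.1.4.17 DST=203.0.113.99 PROTO=TCP SPT=1046 DPT=25
May  5 09:01:13 fw kernel: OUT SRC=10.1.4.17 DST=192.0.2.80 PROTO=TCP SPT=1047 DPT=80
May  5 09:02:00 fw kernel: OUT SRC=10.0.0.25 DST=192.0.2.10 PROTO=TCP SPT=2001 DPT=25
May  5 09:02:30 fw kernel: OUT SRC=10.1.9.3 DST=10.0.0.25 PROTO=TCP SPT=3001 DPT=25
May  5 09:03:00 fw kernel: OUT SRC=10.1.7.8 DST=192.0.2.10 PROTO=TCP SPT=4001 DPT=25
May  5 09:03:30 fw kernel: OUT SRC=not-an-ip DST=192.0.2.10 PROTO=TCP SPT=1 DPT=25
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def smtp_from_clients(log_text):
    """Map each client IP to the SMTP destinations it reached without using a known relay."""
    dests = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete line
        if src in SMTP_SERVERS or dst in SMTP_SERVERS:
            continue  # mail from, or submitted to, a legitimate server
        if any(src in net for net in CLIENT_SEGMENTS):
            dests[str(src)].add(str(dst))
    return dests

def suspects(log_text, threshold=MIN_DISTINCT_DESTS):
    """Return clients that sent SMTP directly to at least `threshold` distinct hosts."""
    found = smtp_from_clients(log_text)
    return {s: sorted(d) for s, d in sorted(found.items()) if len(d) >= threshold}

if __name__ == "__main__":
    for src, hosts in suspects(SAMPLE_LOG).items():
        print(f"{src} sent SMTP directly to {len(hosts)} hosts: {', '.join(hosts)}")
```

Clients below the threshold still appear in the output of `smtp_from_clients`, which is useful for reviewing one-off direct senders before tuning the alert level.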


