Full Disclosure mailing list archives
Re: Linux - Indicators of compromise
From: Giles Coochey <giles () coochey net>
Date: Wed, 18 Jul 2012 08:18:06 +0100
On 17/07/2012 18:58, Григорий Братислава wrote:
> On Mon, Jul 16, 2012 at 10:35 AM, Giles Coochey <giles () coochey net> wrote:
>> On 16/07/2012 14:48, Gary Baribault wrote:
>>> I suggest one of the first answers was the good one, intercept the
>>> traffic routed to the internet with TCPDump. Filter out the normal
>>> traffic and see what's left. All compromised systems talk to the
>>> Internet to dump data or route spam. Be patient, some systems talk all
>>> the time, some once an hour .. but you will find some unexplained
>>> traffic. Once you do find that you're infected, don't bother cleaning
>>> up the system, format and restore the data!
>
> You have much more to worry about than ICMP/GRE tunnels. If I send to
> broadcast and I am on your network, how do you plan to pinpoint who I am
> when everyone sees broadcast?

By your source MAC address.

-- 
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles () coochey net
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
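The two points made in this exchange (filter known-good traffic out of a tcpdump capture and look at what is left; attribute broadcast frames to a station by the source MAC in the Ethernet header) can be turned into a small triage script. The following is an added example, not code from anyone in the thread. It parses constructed lines in the shape of `tcpdump -e -nn` output (the timestamps, MACs and addresses are made up), applies an assumed allow-list (local subnet 192.168.1.0/24, outbound TCP 80/443 treated as normal), reports every off-net frame the policy does not explain, grouped by source MAC, and counts broadcast frames per source MAC. Note that a source MAC is only as trustworthy as the sender: a hostile station can forge it, so in practice you confirm the attribution against the switch's MAC address table (which port learned that MAC) rather than the frame alone.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample capture in the shape of `tcpdump -e -nn` output.
# Not a real capture: timestamps, MACs and IP addresses are invented.
SAMPLE_CAPTURE = """\
08:18:01.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.50, length 46
08:18:01.200000 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 75: 192.168.1.50.40212 > 192.168.1.1.53: 12345+ A? example.com. (33)
08:18:02.000000 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 74: 192.168.1.50.51000 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
08:18:03.000000 66:77:88:99:aa:bb > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 300: 192.168.1.77.5353 > 255.255.255.255.5353: UDP, length 258
08:18:04.000000 66:77:88:99:aa:bb > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 300: 192.168.1.77.5353 > 255.255.255.255.5353: UDP, length 258
08:18:05.000000 66:77:88:99:aa:bb > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 90: 192.168.1.77.44444 > 198.51.100.23.6667: Flags [P.], seq 1:37, ack 1, win 502, length 36
08:18:06.000000 66:77:88:99:aa:bb > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 98: 192.168.1.77 > 198.51.100.23: ICMP echo request, id 1, seq 1, length 64
"""

# Ethernet header as printed by `tcpdump -e`: timestamp, src MAC > dst MAC, ethertype.
ETH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src_mac>[0-9a-f:]{17}) > (?P<dst_mac>[0-9a-f:]{17}), "
    r"ethertype (?P<ethertype>\w+) \(0x[0-9a-f]{4}\), length \d+: (?P<payload>.*)$"
)
# IPv4 payload: "a.b.c.d[.port] > e.f.g.h[.port]:" (port absent for ICMP).
IPV4_RE = re.compile(
    r"^(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})(?:\.(?P<src_port>\d+))? > "
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3})(?:\.(?P<dst_port>\d+))?:"
)
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

# Assumed "normal traffic" policy for this example; tune it to the real network.
POLICY = {
    "local_net": ip_network("192.168.1.0/24"),
    "allowed_external_ports": {"80", "443"},
}


def parse_frame(line):
    """Parse one tcpdump -e -nn line into a dict, or None if it does not match."""
    m = ETH_RE.match(line)
    if not m:
        return None
    frame = m.groupdict()
    frame["src_ip"] = frame["dst_ip"] = frame["src_port"] = frame["dst_port"] = None
    if frame["ethertype"] == "IPv4":
        ip = IPV4_RE.match(frame["payload"])
        if ip:
            frame.update(ip.groupdict())
    return frame


def is_internet_bound(frame, policy=POLICY):
    """True when the frame leaves the local subnet (ARP, broadcast, multicast stay local)."""
    if frame["dst_ip"] is None:
        return False
    dst = ip_address(frame["dst_ip"])
    if frame["dst_ip"] == "255.255.255.255" or dst.is_multicast:
        return False
    return dst not in policy["local_net"]


def classify(frame, policy=POLICY):
    """'expected' if the policy explains the frame, otherwise 'unexplained'."""
    if not is_internet_bound(frame, policy):
        return "expected"
    if frame["dst_port"] in policy["allowed_external_ports"]:
        return "expected"
    return "unexplained"


def unexplained_frames(lines, policy=POLICY):
    """Gary's filter: drop the normal traffic and return what is left."""
    frames = [f for f in map(parse_frame, lines) if f]
    return [f for f in frames if classify(f, policy) == "unexplained"]


def suspects(lines, policy=POLICY):
    """Map each source MAC to the set of (dst_ip, dst_port) it contacted unexpectedly."""
    out = {}
    for f in unexplained_frames(lines, policy):
        out.setdefault(f["src_mac"], set()).add((f["dst_ip"], f["dst_port"]))
    return out


def broadcast_senders(lines):
    """Giles's point: attribute broadcast frames to a station by source MAC."""
    frames = [f for f in map(parse_frame, lines) if f]
    return Counter(f["src_mac"] for f in frames if f["dst_mac"] == BROADCAST_MAC)


if __name__ == "__main__":
    lines = SAMPLE_CAPTURE.splitlines()
    for mac, dests in suspects(lines).items():
        print(mac, "->", sorted(dests, key=str))
    print("broadcast frames by source MAC:", dict(broadcast_senders(lines)))
```

Feed a real capture with `tcpdump -e -nn -i eth0 -l | python3 triage.py`-style piping once the script reads stdin instead of SAMPLE_CAPTURE; the allow-list is deliberately small so that anything it does not name (here, TCP/6667 and ICMP to an off-net host from one station) surfaces for a human to explain.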
Current thread:
- Linux - Indicators of compromise Ali Varshovi (Jul 16)
- Re: Linux - Indicators of compromise Michael Stummvoll (Jul 16)
- Re: Linux - Indicators of compromise valdis . kletnieks (Jul 16)
- Re: Linux - Indicators of compromise Gary Baribault (Jul 16)
- Re: Linux - Indicators of compromise Benji (Jul 16)
- Re: Linux - Indicators of compromise Giles Coochey (Jul 17)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 17)
- Re: Linux - Indicators of compromise Giles Coochey (Jul 19)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 18)
- Message not available
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 18)
- Re: Linux - Indicators of compromise Leutnant Steiner (Jul 20)
- Re: Linux - Indicators of compromise Gary Baribault (Jul 16)
- Re: Linux - Indicators of compromise Giles Coochey (Jul 25)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 25)
- Re: Linux - Indicators of compromise Scott Solmonson (Jul 26)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 26)
- Re: Linux - Indicators of compromise valdis . kletnieks (Jul 26)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 26)
- Re: Linux - Indicators of compromise Scott Solmonson (Jul 28)