Security Incidents mailing list archives
Re: Can anyone guess at this "scan"??
From: Sarah Cleveland <monster () farm9 com>
Date: Thu, 11 Jan 2001 13:45:02 -0800
I would agree that snort is probably the best tool. You can download snort from the homepage: http://www.snort.org/

~Sarah

Sarah Cleveland
Zope Kitten
farm9.com, Inc.
WWW: http://www.farm9.com
Email: monster () farm9 com
Phone: 415-863-8035

-----Original Message-----
From: Los, Ralph [mailto:rlos () ENVESTNET COM]
Sent: Thursday, January 11, 2001 10:38 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Can anyone guess at this "scan"??

I wish I could get packet dumps for you, but I don't have that facility, and as I'm relatively new to this type of task, I don't even have a facility set up to do such a task...learning quickly.
snort is an excellent tool for this task.
Maybe this'll help someone track this down...the other end has been relatively slow in responding, but they swore they would investigate. I will post again should I hear any more news from their security team. In the meantime, ...is there a tool out there that is known to run from a *NIX box that would be doing NetBIOS scans like the one seen below in my post?
I can think of lots of tools that run on Linux that could generate this type of traffic. Any tool that can specify the source and destination port could generate traffic that matches the pattern you show (hping, nmap etc...).

john