Security Incidents mailing list archives
Re: Suspicious traffic w src & dst port 19161
From: Kyle Maxwell <krmaxwell () gmail com>
Date: Thu, 28 Apr 2005 22:58:37 -0500
On 4/28/05, Fergie (Paul Ferguson) <fergdawg () netzero net> wrote:
Any ideas? I can probably get a trace, but I thought I would ask the list first..
A trace would indeed be helpful. There was some discussion of what might be related traffic on the Internet Storm Center last spring; see http://isc.sans.org/diary.php?date=2004-05-18. Additional suggestions were provided in http://isc.sans.org/diary.php?date=2004-06-01 (to change the fragmentation detection settings). I didn't see any more discussion on the ISC, so unless someone else on the list knows more (hopefully!), your captures will probably be a big help. -- Kyle Maxwell [krmaxwell () gmail com] -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Suspicious traffic w src & dst port 19161 Fergie (Paul Ferguson) (Apr 28)
- Re: Suspicious traffic w src & dst port 19161 Kyle Maxwell (Apr 29)