Security Incidents mailing list archives

Re: Suspicious traffic w src & dst port 19161

From: Kyle Maxwell <krmaxwell () gmail com>
Date: Thu, 28 Apr 2005 22:58:37 -0500

On 4/28/05, Fergie (Paul Ferguson) <fergdawg () netzero net> wrote:

Any ideas? I can probably get a trace, but I thought I
would ask the list first..


A trace would indeed be helpful. There was some discussion of what
might be related traffic on the Internet Storm Center last spring; see
http://isc.sans.org/diary.php?date=2004-05-18. Additional suggestions
were provided in http://isc.sans.org/diary.php?date=2004-06-01 (to
change the fragmentation detection settings).

I didn't see any more discussion on the ISC, so unless someone else on
the list knows more (hopefully!), your captures will probably be a big
help.

-- 
Kyle Maxwell
[krmaxwell () gmail com]

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

Current thread:

Suspicious traffic w src & dst port 19161 Fergie (Paul Ferguson) (Apr 28)
- Re: Suspicious traffic w src & dst port 19161 Kyle Maxwell (Apr 29)