Re: Port & Executable Monitoring & Logging

["Michael Painter" <tvhawaii () shaka com>]

> On Jun 21, 2011, at 12:54 PM, jstemp105 () gmail com wrote:
>
> > Hello All,
> >
> > I have been working with the IPS systems within my corporate workplace and we have noticed some strange activity where 
> > a virtual
> > Windows file server is attempting to connect to workstations, on the same subnet, through local TCP port 88.  The IPS 
> > systems
> > that we have in place on the workstations in our organization are detecting these connections and is blocking them by
> > considering them port scans.  The connections are incoming from the file server to the workstations.
> >
> > Placing a packet capture on the network and server did no good as the workstations blocked them and the workstations 
> > that didn't
> > block the connections would only reply with a reset flag.
> >
> > These connections happen at the most sporadic times ranging anywhere throughout the day or night.  We would like to put 
> > a
> > program on the server that will monitor for executables and what port they run on or open up.  This program must be 
> > able to log
> > the instances and be able to filter what ports are being monitored.  Does anyone know of any software programs that 
> > will run on
> > Server 2008 and have the above stated capabilities?
> >
> > Thanks!

I'd give MSofts Port Reporter and its Parser a try:
Overview
The Port Reporter tool logs TCP and UDP port activity. The tool is a small program that runs as a service on a computer 
that is running Windows Server 2003, Windows XP, or Windows 2000.

On Windows Server 2003 and on Windows XP-based computers, the service can log the following information:
 a.. The ports that are used
 b.. The processes that use the port
 c.. Whether a process is a service
 d.. The modules that a process loaded
 e.. The user accounts that run a process


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------