Firewall Wizards mailing list archives
Re: [OT] tcpdump parsing
From: hermit921 <hermit921 () yahoo com>
Date: Mon, 13 Oct 2003 08:39:07 -0700
I have found external scans of Windows machines to have decreasing usefulness. Netstat commands on suspicious W2K systems usually show open ports that a complete external nmap scan does not show as open.
hermit921

At 03:29 PM 10/8/2003, Paul Robertson wrote:

On Wed, 8 Oct 2003, Damian Gerow wrote:

> I've done some other digging, and have found out that about 99% of my dump
> is between ports 25 and 32101. Now I just have to figure out why/how people
> are connecting to 32101, as a full port scan of the computer has turned up
> nothing but the standard Windows ports listening, three different times.

You might want to look at the IE bugs that have recently been exploited, assuming the machines are Win* based. Checking browser caches and histories may yield useful stuff, as will looking for mapped drive shares (most Win* worms these days will do the share thing if they can.)

> Since this has moved far and beyond the scope of the list, I'll refrain from
> posting anything else.

No fair, we wanna know what it was!

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment
TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards