Security Incidents mailing list archives
Re: Scanning Port UDP 4668
From: "Vitaly Osipov" <witt () iol ie>
Date: Tue, 23 Jul 2002 18:02:59 +0100
----- Original Message -----
From: "H C" <keydet89 () yahoo com>

> I'm really kind of surprised that a CISSP is taking this approach to such a problem.

Why? What is wrong in asking the community when one has done all the research he was able to do? Isn't it what this list is for? And how do you know why he is asking - maybe his security policy asks him to investigate this specific case?

> packets headed for this port. Fine. *How* did they find them? Were they dropped by a firewall? If so...so what? Better to spend the time on things that matter than chasing after shiny objects.

Again, I prefer not to teach a person to do his job unless I am asked for this :) Maybe this system is so critical that it is needed to investigate the slightest possibility of compromise/unknown exploit? And what is wrong with pure curiosity? :)

> Were they logged by an IDS? If so, what data is carried in the datagram?

He said it was a scan, so presumably the data portion was empty.

> this group, maybe what they can do is identify the systems using the destination IPs of the datagrams, then go to those boxes and run fport.exe (NT/2K) or 'netstat -ano' (XP) or lsof (Linux) to see if anything *is*, in fact, listening on that port.

If they find nothing, this still will not answer the question on what the scanning person was looking for.

Regards,
Vitaly.

P.S. Yes, I'm a CISSP too :)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
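The host-side check mentioned in the quoted text (is anything actually bound to UDP 4668 on a Linux box, the question lsof would answer), as an added example that is not part of the original message. It reads the kernel's `/proc/net/udp` table; the sample rows are constructed, the function names are this example's own, and it assumes an IPv4 socket on a little-endian host.

```python
import os
import socket
import struct

PORT = 4668  # UDP port discussed in the thread

# Constructed sample in /proc/net/udp layout (not from a real host); 0x123C == 4668.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15012 2 0000000000000000 0
  214: 0100007F:123C 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 48213 2 0000000000000000 0
"""

def parse_udp_table(text):
    """Yield (ip, port, uid, inode) for each socket row."""
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Address is a 32-bit hex value in host byte order (assumed little-endian).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        yield ip, int(hex_port, 16), int(fields[7]), int(fields[9])

def listeners_on(text, port):
    """Rows whose local port matches; an empty list means nothing is bound."""
    return [row for row in parse_udp_table(text) if row[1] == port]

def owning_pids(inode, proc_root="/proc"):
    """PIDs holding the socket inode (root is needed to see other users' processes)."""
    target, pids = f"socket:[{inode}]", []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:
            continue  # process exited, or permission denied
    return pids

if __name__ == "__main__":
    live = os.path.exists("/proc/net/udp")
    if live:
        with open("/proc/net/udp") as fh:
            table = fh.read()
    else:
        table = SAMPLE
    for ip, port, uid, inode in listeners_on(table, PORT):
        pids = owning_pids(inode) if live else []
        print(f"udp {ip}:{port} uid={uid} inode={inode} pids={pids}")
```

IPv6 sockets are listed separately in `/proc/net/udp6`, which this example does not parse.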