Security Incidents mailing list archives

Re: Scanning Port UDP 4668


From: "Vitaly Osipov" <witt () iol ie>
Date: Tue, 23 Jul 2002 18:02:59 +0100


----- Original Message -----
From: "H C" <keydet89 () yahoo com>

I'm really kind of surprised that a CISSP is taking
this approach to such a problem.

Why? What is wrong in asking the community when one has done all the
research he was able to do? Isn't it what this list is for? And how do you
know why he is asking - maybe his security policy asks him to investigate
this specific case?

packets headed for this port.  Fine.  *How* did they
find them?    Were they dropped by a firewall?  If
so...so what?  Better to spend the time on things that
matter than chasing after shiny objects.

Again, I prefer not to teach a person to do his job unless I am asked for
this :)
Maybe this system is so critical that it is needed to investigate the
slightest possibility of compromise/unknown exploit? And what is wrong with
pure curiosity? :)

Were they logged by an IDS?  If so, what data is
carried in the datagram?

He said it was a scan, so presumably the data portion was empty.

this group, maybe what they can do is identify the
systems using the destination IPs of the datagrams,
then go to those boxes and run fport.exe (NT/2K) or
'netstat -ano' (XP) or lsof (Linux) to see if anything
*is*, in fact, listening on that port.

If they find nothing, this still will not answer the question on what the
scanning person was looking for.

Regards,
Vitaly.

P.S. Yes, I'm a CISSP too :)

