
Re: Part 2 IDS: Scanning on tcp port 27374

Also, set up tcpdump to listen for any traffic specified for those ports,
see if it sent any data within the packet, and what flag bits were set,
etc.
[tcpdump -x 'port 27374']
You should also run pktsuck or something to that extent to catch any
data that the person in question might attempt to send once he realizes
that this port is open and accepting connections.
pktsuck is relatively easy to set up and configure, and provides logging
of data via the syslog facilities.

-dpg
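
Added example, not part of the original message: a Python decoder for the hex that `tcpdump -x` prints (the packet from the IP header onward), reporting the two things the message says to look at, the TCP flag bits and whether any data was sent. The function names and both sample dumps are constructed for illustration.

```python
import re
import struct

FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
              (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def hex_to_bytes(dump):
    """Join the hex words of a 'tcpdump -x' dump, with or without 0x0010: offsets."""
    words = []
    for line in dump.splitlines():
        line = re.sub(r"^\s*0x[0-9a-fA-F]+:", "", line)   # drop offset column
        compact = "".join(line.split())
        if compact and re.fullmatch(r"(?:[0-9a-fA-F]{2})+", compact):
            words.append(compact)                          # summary lines are skipped
    return bytes.fromhex("".join(words))

def decode(dump):
    """Return ports, TCP flag names and payload for one IPv4/TCP packet."""
    pkt = hex_to_bytes(dump)
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4                  # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("truncated TCP header")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    tcp = pkt[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4                  # TCP header length in bytes
    # Payload size comes from the IP total length, so it stays correct when the
    # capture snaplen cut the packet short; 'payload' holds what was captured.
    payload_len = max(total_len - ihl - doff, 0)
    return {"sport": sport, "dport": dport,
            "flags": [name for bit, name in FLAG_NAMES if tcp[13] & bit],
            "payload_len": payload_len,
            "payload": tcp[doff:doff + payload_len]}

# Constructed samples (documentation addresses, checksums zeroed; not real captures).
SYN_SAMPLE = """\
12:00:00.000000 IP 192.0.2.10.40000 > 192.0.2.20.27374: Flags [S], length 0
\t0x0000:  4500 0028 0001 0000 4006 0000 c000 020a
\t0x0010:  c000 0214 9c40 6aee 0000 0001 0000 0000
\t0x0020:  5002 2000 0000 0000
"""
DATA_SAMPLE = """\
\t\t\t 4500 002c 0002 0000 4006 0000 c000 020a
\t\t\t c000 0214 9c40 6aee 0000 0002 0000 0001
\t\t\t 5018 2000 0000 0000 7465 7374
"""

if __name__ == "__main__":
    for sample in (SYN_SAMPLE, DATA_SAMPLE):
        print(decode(sample))
```

A bare SYN with `payload_len` 0 is consistent with a port probe; a PSH/ACK segment with a non-zero `payload_len` means the remote side sent data after the connection was accepted.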

