Subject: Re: Fwd: Re: Part 2 IDS: Scanning on tcp port 27374
From: DPG (dgaileyinsync.net)
Date: Fri Apr 28 2000 - 02:24:21 CDT


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
-----------------------------------------------------------------------------
One download location for this utility is:

ftp://minnie.cs.adfa.edu/pub/NetSecurity/

It was also ported to FreeBSD under the
 '/usr/ports/security/pktsuckers/' directory.

-Dan P. Gailey
 Insync Internet Services

 

On Thu, 27 Apr 2000, Lachlan Cranswick wrote:

>
>
> >[tcpdump -x 'port 27374']
> >You should also run pktsuck or something to that extent to catch any
> >data that the person in question might attempt to send once he realizes
> >that this port is open and accepting connections.
> >pktsuck is relatively easy to set up and configure, and provides logging
> >of data via the syslog facilities.
>
>
> Do you have a web or ftp address for this pktsuck?
>
> ----
>
> DTK Deception scripts might also help log what they could
> be trying to do on that port as well.
>
> http://www.all.net/dtk/
>
> Lachlan.
>
>
>
>
> Lachlan M. D. Cranswick
>
> Collaborative Computational Project No 14 (CCP14)
> for Single Crystal and Powder Diffraction
> Daresbury Laboratory, Warrington, WA4 4AD U.K
> Tel: +44-1925-603703 Fax: +44-1925-603124
> E-mail: l.cranswickdl.ac.uk Ext: 3703 Room C14
> http://www.ccp14.ac.uk
>
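
Added illustration, not part of the original thread and not pktsuck's own code: a minimal Python listener in the spirit of the suggestion quoted above, which accepts connections on the port, records whatever the peer sends without replying, and logs it through syslog. The logger name, byte cap, timeout and the `/dev/log` socket path are assumptions.

```python
import binascii
import logging
import logging.handlers
import socket

PORT = 27374          # port discussed in the thread
MAX_BYTES = 4096      # assumption: cap on bytes kept per connection
IDLE_TIMEOUT = 10.0   # assumption: seconds to wait for the peer to send

log = logging.getLogger("port-listener")  # hypothetical logger name


def open_listener(host="0.0.0.0", port=PORT):
    """Bind a TCP listener; nothing is ever written back to the peer."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv


def capture_once(srv, max_bytes=MAX_BYTES, timeout=IDLE_TIMEOUT):
    """Accept one connection, record what the peer sends, return (peer_ip, data)."""
    conn, (peer_ip, peer_port) = srv.accept()
    data = b""
    with conn:
        conn.settimeout(timeout)
        try:
            while len(data) < max_bytes:
                chunk = conn.recv(max_bytes - len(data))
                if not chunk:          # peer closed the connection
                    break
                data += chunk
        except (socket.timeout, ConnectionError):
            pass                       # keep whatever arrived before the error
    # Hex-encode the payload so control bytes cannot forge or split log lines.
    log.warning("tcp/%d connect from %s:%d bytes=%d hex=%s",
                srv.getsockname()[1], peer_ip, peer_port, len(data),
                binascii.hexlify(data).decode("ascii"))
    return peer_ip, data


if __name__ == "__main__":
    # Assumption: local syslog daemon listening on the /dev/log Unix socket.
    log.addHandler(logging.handlers.SysLogHandler(address="/dev/log"))
    listener = open_listener()
    while True:
        capture_once(listener)
```

Run it alongside the `tcpdump -x 'port 27374'` capture from the thread so the syslog entries can be matched against the raw packets.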