Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Re: Interesting reply
From: H Carvey (keydet89YAHOO.COM)
Date: Thu Oct 12 2000 - 15:33:50 CDT
- Next message: mamo: "ksyslogd"
- Previous message: Runar Jensen: "Re: Compromised NT box, sniffer and possible backdoor"
- Next in thread: Keith Pachulski: "Re: Interesting reply"
- Maybe reply: H Carvey: "Re: Interesting reply"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I'd be very interested to hear some specifics
regarding the type of traffic that indicates that the
scanning system has been compromised, and how this
traffic might differ from traffic "seen" from a
I still don't see how anyone can say "most" or "almost
all" without any hard info.
--- Gary Flynn <flynngnJMU.EDU> wrote:
> "Forrester, Mike" wrote:
> > From my experience (I work for a broadband ISP),
> most of our problems with
> > people scanning is from a compromised system. No,
> I don't have exact
> > numbers, but MOST is about right. ;)
> How do you determine if the box used for scanning is
> compromised? Do you take
> the owner's word? How about other ISPs listening
> Gary Flynn
> Security Engineer - Technical Services
> James Madison University
> Please RUNSAFE
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!