Re: Suspicious traffic w src & dst port 19161
From: Kyle Maxwell (krmaxwell gmail.com)
Date: Thu Apr 28 2005 - 22:58:37 CDT
On 4/28/05, Fergie (Paul Ferguson) <fergdawg netzero.net> wrote:
> Any ideas? I can probably get a trace, but I thought I
> would ask the list first..
A trace would indeed be helpful. There was some discussion of what
might be related traffic on the Internet Storm Center last spring; see
http://isc.sans.org/diary.php?date=2004-05-18. Additional suggestions
were provided in http://isc.sans.org/diary.php?date=2004-06-01 (to
change the fragmentation detection settings).
I didn't see any more discussion on the ISC, so unless someone else on
the list knows more (hopefully!), your captures will probably be a big
help.
--
Kyle Maxwell
[krmaxwell gmail.com]