Security Basics: Re: RE: Any tools to log the traffic/process information on Windows startup?

Re: RE: Any tools to log the traffic/process information on Windows startup?

From: Yan Zhai <yanzhai_at_gmail.com>
Date: Fri, 23 May 2008 16:32:16 -0400

I am having the same problem -- I installed the portReporter as an
automatic service, but it cannot catch that questionable traffic
(UDP, 0 bytes sent, 540 bytes received, from either China or Poland).
It seems that the connections take place before the service starts?

As to the external sniffers, they are really not very helpful in this
situation, since what we really want to figure out is which program(s)
are involved in that suspicious traffic.

Yan

On 5/23/08, kunwon1 <dave.j.moore_at_gmail.com> wrote:
> On Fri, May 23, 2008 at 12:55 AM, Michael Painter <tvhawaii_at_shaka.com> wrote:
>
> > I suppose sniffing the wire with another box would be the best approach as
> > far as "traffic" goes?
> >
>
>
> The very best approach would be to put your scanner between the box in
> question and the WAN. I'm fairly certain that iptables can be
> configured to log everything that passes through, and that way you're
> guaranteed to get 100% of the traffic.
>
> --
> ==========
> A human being should be able to change a diaper, plan an invasion,
> butcher a hog, conn a ship, design a building, write a sonnet, balance
> accounts, build a wall, set a bone, comfort the dying, take orders,
> give orders, cooperate, act alone, solve equations, analyze a new
> problem, pitch manure, program a computer, cook a tasty meal, fight
> efficiently, die gallantly. Specialization is for insects. -Heinlein
>
> This message copyright (c) 2004-2007 David J Moore
>

-- 
Use Snort,  the de facto standard for Intrusion Detection
  ,,__
o"     )~  oink oink
  ' ' ' '
Received on May 23 2008
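The quoted suggestion is to put a logging box inline and have iptables log everything that passes through. Logging alone produces a wall of kernel messages, so the useful next step is to reduce them to per-remote-host byte counts in each direction, which is how the "0 bytes sent, 540 bytes received" pattern in the thread would show up. The script below is an added example and is not code from either poster. It assumes the inline box logs forwarded packets with a rule such as `iptables -A FORWARD -j LOG --log-prefix "FWD: "`, that the monitored Windows machine has the constructed address 192.168.1.10, and that the sample kernel log lines (constructed here, in the standard iptables LOG field format) are what `dmesg` or syslog would contain.

```python
"""Summarize iptables LOG output per remote host and direction.

Added example, not from the original list posts. Assumes FORWARD traffic
is logged with a prefix of "FWD: " and that the host under observation
is 192.168.1.10 (constructed address).
"""
import re
from collections import defaultdict

MONITORED_HOST = "192.168.1.10"  # constructed address of the box in question

# iptables LOG lines are KEY=VALUE fields after the log prefix; capture the ones we need.
FIELD_RE = re.compile(r"\b(IN|OUT|SRC|DST|LEN|PROTO|SPT|DPT)=(\S*)")

# Constructed sample kernel log lines in the iptables LOG format.
SAMPLE_LOG = """\
May 23 06:01:02 gw kernel: FWD: IN=eth1 OUT=eth0 SRC=203.0.113.7 DST=192.168.1.10 LEN=568 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=6000 DPT=1026 LEN=548
May 23 06:01:03 gw kernel: FWD: IN=eth0 OUT=eth1 SRC=192.168.1.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=1234 DF PROTO=TCP SPT=1035 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
May 23 06:01:03 gw kernel: FWD: IN=eth1 OUT=eth0 SRC=198.51.100.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=1035 WINDOW=5840 RES=0x00 ACK SYN URGP=0
May 23 06:01:04 gw kernel: FWD: IN=eth1 OUT=eth0 SRC=203.0.113.7 DST=192.168.1.10 LEN=568 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=6000 DPT=1026 LEN=548
"""


def parse_line(line):
    """Return the fields of one iptables LOG line, or None if it is not one.

    UDP lines carry LEN= twice (IP total length, then UDP length); keeping
    the first occurrence gives the IP length, which is what we sum.
    """
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)
    if not all(k in fields for k in ("SRC", "DST", "PROTO", "LEN")):
        return None
    return fields


def summarize(log_text, host=MONITORED_HOST):
    """Aggregate bytes and packets per (remote address, protocol), seen from the host."""
    totals = defaultdict(
        lambda: {"sent": 0, "received": 0, "pkts_sent": 0, "pkts_received": 0}
    )
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        size = int(f["LEN"])
        if f["SRC"] == host:
            entry = totals[(f["DST"], f["PROTO"])]
            entry["sent"] += size
            entry["pkts_sent"] += 1
        elif f["DST"] == host:
            entry = totals[(f["SRC"], f["PROTO"])]
            entry["received"] += size
            entry["pkts_received"] += 1
    return dict(totals)


def inbound_only(totals):
    """Flows where the host received data but never sent any, like the UDP traffic in the thread."""
    return sorted(key for key, t in totals.items() if t["received"] > 0 and t["sent"] == 0)


if __name__ == "__main__":
    totals = summarize(SAMPLE_LOG)
    for (remote, proto), t in sorted(totals.items()):
        print(f"{remote:16} {proto:4} sent={t['sent']:6} received={t['received']:6}")
    print("inbound-only flows:", inbound_only(totals))
```

Run it against the real log with `summarize(open("/var/log/kern.log").read())`. Because the inline box captures packets before any service on the Windows host has started, this answers the "which remote hosts" half of the question; mapping a flow back to a process still has to happen on the Windows host itself.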