Home page logo

basics logo Security Basics mailing list archives

Re: pc generating unauthorized http scans
From: "J. Oquendo" <sil () infiltrated net>
Date: Thu, 20 Nov 2008 10:13:39 -0600

On Wed, 19 Nov 2008, Donald Raikes wrote:

Recently, our corporate security team identified that my windows xp pc was performing a number of http scans of other 
systems within our network.

I am not running any kind of scans, nor have I authorized anything to run such scans.

How can I determine what is performing these scans?

On Windows, you could use tcpview from sysinternals:

If its a nix variant then you could use lsof, netstat: e.g.

lsof -iPl
netstat -ln|awk '/tcp|udp/'

You could run an analyzer on the wire (Wireshark, Sniffer Pro, etc).

Depends... Your best bet to find which program is doing the
scanning in the quickest, cleanest way though on XP in my
opinion would be with tcpview.

J. Oquendo

"Each player must accept the cards life deals him
or her: but once they are in hand, he or she alone
must decide how to play the cards in order to win
the game." Voltaire

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]