mailing list archives
Re: pc generating unauthorized http scans
From: "J. Oquendo" <sil () infiltrated net>
Date: Thu, 20 Nov 2008 10:13:39 -0600
On Wed, 19 Nov 2008, Donald Raikes wrote:
Recently, our corporate security team identified that my windows xp pc was performing a number of http scans of other
systems within our network.
I am not running any kind of scans, nor have I authorized anything to run such scans.
How can I determine what is performing these scans?
On Windows, you could use tcpview from sysinternals:
If its a nix variant then you could use lsof, netstat: e.g.
netstat -ln|awk '/tcp|udp/'
You could run an analyzer on the wire (Wireshark, Sniffer Pro, etc).
Depends... Your best bet to find which program is doing the
scanning in the quickest, cleanest way though on XP in my
opinion would be with tcpview.
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP
"Each player must accept the cards life deals him
or her: but once they are in hand, he or she alone
must decide how to play the cards in order to win
the game." Voltaire
227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E