Home page logo

basics logo Security Basics mailing list archives

Re: pc generating unauthorized http scans
From: krymson () gmail com
Date: Tue, 25 Nov 2008 07:30:16 -0700

Isn't that a question for the security team that identified your computer? I find it irresponsible to point out a 
security threat and then leave the user to figure out what is going on, especially if this is a system they own and 
even more especially if you're not an admin on it.

You should ask that security team what they detected and how they detected it. Is it bursting at certain times of day, 
or is it very regular? Where is it going? What is that traffic trying to do, just find open port 80 connections?

I would otherwise look at the other suggestions. Check output from Wireshark and TCPView and see what you can find out. 
But I'm ultimately disappointed in that security team...

<- snip ->
Recently, our corporate security team identified that my windows xp pc was performing a number of http scans of other 
systems within our network.

I am not running any kind of scans, nor have I authorized anything to run such scans.

How can I determine what is performing these scans?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]