Security Incidents: Re: strange windows behaviour.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: strange windows behaviour.

From: Jeff Kell <jeff-kell () utc edu>
Date: Tue, 07 Oct 2003 13:42:44 -0400

John Sage wrote:

From: Paul Russell <prussell () nd edu>

In the past ten days, we have had five incidents in which
student-owned computers in our residence hall network (ResNet) were

used to send large quantities of spam.

If you keep PIX logs (we try to, though the volume is incredible) youcan look for connections inbound to the host spewing the spam. You caneven get a 1-for-1 connection list (sometimes) showing the incomingproxy feed (from the REAL criminal) and the outgoing spam.

Of course, for you high-bandwidth folks logging is probably not anoption :-)


Jeff


---------------------------------------------------------------------------
----------------------------------------------------------------------------

By Date By Thread

Current thread:

strange windows behaviour. Peter Moody (Oct 07)
- Re: strange windows behaviour. John Sage (Oct 07)
  - Re: strange windows behaviour. Jeff Kell (Oct 08)
    - Re: strange windows behaviour. Magosányi Árpád (Oct 09)
  - Re: strange windows behaviour. Brian Eckman (Oct 08)
    - Re: strange windows behaviour. Fabio Panigatti (Oct 10)
    - Re: strange windows behaviour. J Mike Rollins (Oct 10)
    - Re: strange windows behaviour. Tomasz Papszun (Oct 10)