Intrusion Detection Systems mailing list archives

Re: Part 2 Scanning on tcp port 27374

From: dgailey () insync net (DPG)
Date: Thu, 27 Apr 2000 10:17:12 -0500 (CDT)


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
Also, set-up tcpdump to listen for any traffic specified for those ports
see if it sent any data within the packet, and what flag bits where set
etc..
[tcpdump -x 'port 27374']
You should also run pktsuck or something to that extent to catch any
data that the person in question might attempt to send once he realizes
that this port is open and accepting connections.
pktsuck is relativley easy to set-up and configure, and provides logging
of data via the syslog facilities.

-dpg

.                                                 .
                        . 

             
                                       
        
                             

   
                                  .

Current thread:

Re: [Fwd: [Fwd: Fwd: Emergency...Pls Forward This To Everyone You Know]], (continued)
- Re: [Fwd: [Fwd: Fwd: Emergency...Pls Forward This To Everyone You Know]] walter sulym (Apr 12)
- Re: [Fwd: [Fwd: Fwd: Emergency...Pls Forward This To Everyone You Know]] Ki.Ki.Ki...Kiran (Apr 23)
- IDS Focus Area at SecurityFocus.com Jensenne Roculan (Apr 24)
- intruder clues Meritt, Jim (Apr 24)
  - Re: intruder clues flynngn () jmu edu (Apr 24)
    - Re: intruder clues Philippe Bourgeois (Apr 25)
  - Re: intruder clues Lance Spitzner (Apr 25)
  - Scanning on tcp port 27374 Benninghoff, John (Apr 26)
    - Re: Scanning on tcp port 27374 Gary Flynn (Apr 27)
    - Re: Scanning on tcp port 27374 DPG (Apr 27)
    - Re: Part 2 Scanning on tcp port 27374 DPG (Apr 27)
    - strings in backdoor binaries Meritt, Jim (Apr 27)
    - Re: strings in backdoor binaries Anton Chuvakin (Apr 28)
    - Re: strings in backdoor binaries Gary Flynn (Apr 28)
    - Re: strings in backdoor binaries DPG (Apr 28)
    - Re: strings in backdoor binaries Jonas Eriksson (Apr 29)
    - Re: strings in backdoor binaries Jonas Eriksson (Apr 29)
    - Sniffing.... SatyaNarayana ANV (Apr 29)
    - RE: Scanning on tcp port 27374 Thomas J. Arseneault (Apr 27)
    - Re: Scanning on tcp port 27374 Talisker (Apr 27)
    - Fwd: Re: Part 2 Scanning on tcp port 27374 Lachlan Cranswick (Apr 27)

(Thread continues...)