Intrusion Detection Systems mailing list archives

Fwd: Re: Part 2 Scanning on tcp port 27374


From: l.m.d.cranswick () dl ac uk (Lachlan Cranswick)
Date: Thu, 27 Apr 2000 21:02:51 +0100


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au

[tcpdump -x 'port 27374']
You should also run pktsuck or something to that extent to catch any
data that the person in question might attempt to send once he realizes
that this port is open and accepting connections.
pktsuck is relatively easy to set-up and configure, and provides logging
of data via the syslog facilities.

Do you have a web or ftp address for this pktsuck?

----

DTK Deception scripts might also help log what they could
be trying to do on that port as well.

http://www.all.net/dtk/

Lachlan.

Lachlan M. D. Cranswick

Collaborative Computational Project No 14 (CCP14)
     for Single Crystal and Powder Diffraction
Daresbury Laboratory, Warrington, WA4 4AD U.K
Tel: +44-1925-603703  Fax: +44-1925-603124
E-mail: l.cranswick () dl ac uk  Ext: 3703  Room C14
                            http://www.ccp14.ac.uk
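
Added example, not part of the original message and not the code of pktsuck or DTK: a small listener of the kind the thread describes, which accepts connections on port 27374, never replies, and logs whatever the client sends through syslog. The logger name, byte cap, timeout and /dev/log syslog socket path are assumptions.

```python
import collections
import logging
import logging.handlers
import socketserver

PORT = 27374         # the port being scanned in this thread
MAX_CAPTURE = 4096   # assumed cap on bytes kept per connection
READ_TIMEOUT = 10.0  # assumed seconds to wait for the client to send

log = logging.getLogger("portcapture")  # hypothetical logger name

def format_record(peer, data):
    """Render one capture as a single log line: source, length, hex, printable text."""
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in data)
    return "src=%s:%d len=%d hex=%s ascii=%s" % (peer[0], peer[1], len(data), data.hex(), text)

class CaptureHandler(socketserver.BaseRequestHandler):
    def handle(self):
        # Read what the client sends, never reply, stop at the cap or on timeout.
        self.request.settimeout(READ_TIMEOUT)
        data = b""
        try:
            while len(data) < MAX_CAPTURE:
                chunk = self.request.recv(MAX_CAPTURE - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:  # covers timeouts and connection resets
            pass
        record = format_record(self.client_address, data)
        self.server.records.append(record)
        log.warning(record)

class CaptureServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, address):
        super().__init__(address, CaptureHandler)
        self.records = collections.deque(maxlen=1000)  # recent captures kept in memory

if __name__ == "__main__":
    try:
        log.addHandler(logging.handlers.SysLogHandler(address="/dev/log"))
    except OSError:  # no local syslog socket: fall back to stderr
        log.addHandler(logging.StreamHandler())
    with CaptureServer(("0.0.0.0", PORT)) as server:
        server.serve_forever()
```

The hex field keeps the exact bytes for later comparison against packet captures; the ascii field replaces non-printable bytes with dots so the syslog line stays readable.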


