Intrusion Detection Systems mailing list archives
Re: Fwd: Re: Part 2 Scanning on tcp port 27374
From: dgailey () insync net (DPG)
Date: Fri, 28 Apr 2000 02:24:21 -0500 (CDT)
Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au

One download location for this utility is: ftp://minnie.cs.adfa.edu/pub/NetSecurity/

It was also ported to FreeBSD under the '/usr/ports/security/pktsuckers/' directory.

-Dan P. Gailey
Insync Internet Services

On Thu, 27 Apr 2000, Lachlan Cranswick wrote:
> > [tcpdump -x 'port 27374']
> >
> > You should also run pktsuck or something to that extent to catch any data that the person in question might attempt to send once he realizes that this port is open and accepting connections. pktsuck is relatively easy to set up and configure, and provides logging of data via the syslog facilities.
>
> Do you have a web or ftp address for this pktsuck?
>
> ----
>
> DTK Deception scripts might also help log what they could be trying to do on that port as well.
>
> http://www.all.net/dtk/
>
> Lachlan.
>
> Lachlan M. D. Cranswick
> Collaborative Computational Project No 14 (CCP14) for Single Crystal and Powder Diffraction
> Daresbury Laboratory, Warrington, WA4 4AD U.K
> Tel: +44-1925-603703 Fax: +44-1925-603124
> E-mail: l.cranswick () dl ac uk Ext: 3703 Room C14
> http://www.ccp14.ac.uk
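
The quoted advice above is to leave something listening on the scanned port and log whatever arrives via syslog. As an added example (not pktsuck itself and not code from this thread), a minimal Python listener that does this; the size cap, timeout, logger name and the /dev/log syslog socket are assumptions.

```python
import logging
import logging.handlers
import socket

MAX_BYTES = 4096      # cap on what is kept from one connection (assumed value)
IDLE_TIMEOUT = 10.0   # seconds to wait for the peer to send data (assumed value)

def printable(data: bytes) -> str:
    """Escape non-printable bytes and backslashes so a peer cannot forge log lines."""
    return "".join(chr(b) if 32 <= b < 127 and b != 92 else f"\\x{b:02x}" for b in data)

def capture(conn: socket.socket, peer: str, log: logging.Logger) -> str:
    """Read what one peer sends, never reply, and log it as a single record."""
    conn.settimeout(IDLE_TIMEOUT)
    data = b""
    try:
        while len(data) < MAX_BYTES:
            chunk = conn.recv(MAX_BYTES - len(data))
            if not chunk:          # peer closed its side
                break
            data += chunk
    except OSError:                # timeout or reset: keep whatever arrived
        pass
    finally:
        conn.close()
    record = f"peer={peer} bytes={len(data)} data={printable(data)}"
    log.warning(record)
    return record

def serve(port: int, log: logging.Logger) -> None:
    """Accept connections on the watched port, one at a time."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen(16)
        while True:
            conn, (host, sport) = srv.accept()
            capture(conn, f"{host}:{sport}", log)

if __name__ == "__main__":
    log = logging.getLogger("portlog")
    log.setLevel(logging.INFO)
    # Assumes a local syslog daemon listening on /dev/log (Linux).
    log.addHandler(logging.handlers.SysLogHandler(address="/dev/log"))
    serve(27374, log)
```

Running it alongside `tcpdump -x 'port 27374'` gives both the packet-level view and a per-connection syslog record of the payload.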
