Search:

Type: Posts; User: pennconservativ; Keyword(s):

Search: Search took 0.06 seconds.

  1. Replies
    10
    Views
    7,887

    Poll: My question would be why would you want to stay...

    My question would be why would you want to stay away from MS products? I realize that this opinion is a little different than what others posted, but I think that you're best served, and will be a...
  2. I don't think that there are too many people that...

    I don't think that there are too many people that would argue with their number one.

    As far as what I would add, I don't know that I would necessarily add anything, but I would reword number six. ...
  3. Replies
    14
    Views
    13,020

    Solved. It appears that two machines on my...

    Solved. It appears that two machines on my network had Sasser. The reason the connections weren't showing in netstat was because I just wasn't using the right switches. This is my gateway device,...
  4. Replies
    14
    Views
    13,020

    The MAC matches, but if my host is compromised,...

    The MAC matches, but if my host is compromised, shouldn't I be seeing a ton of open connections when I do 'netstat -l'? It's generating about 100 packets/second, so you would think that I would have...
  5. Replies
    14
    Views
    13,020

    Okay, this keeps getting wierder. I powered down...

    Okay, this keeps getting wierder. I powered down the computer that I was having problems with, but now when I do an Ethereal capture, I see a ton of scans for port 445 (microsoft-ds) originating...
  6. Replies
    14
    Views
    13,020

    I disconnected it from the network as soon as I...

    I disconnected it from the network as soon as I saw the scans. It has no critical data. I'm gonna boot to Knoppix to scan it and see what I find, then I'll rebuild the machine. If I'm able to...
  7. Replies
    14
    Views
    13,020

    Yes, it's a business network. They are private...

    Yes, it's a business network. They are private IPs, so I can give you more information. The network that the problem host is on is 192.168.130.0/24. The packets I'm seeing are all SYNs from my...
  8. Replies
    14
    Views
    13,020

    Okay, I definitely have a problem. I did an...

    Okay, I definitely have a problem. I did an Ethereal capture, and there are a TON of SYN packets going from my machine to machines on the same subnet. What's so wierd is that they're getting...
  9. Replies
    14
    Views
    13,020

    Any idea what this is???

    I started seeing a ton of messages in my IDS (Snort) showing inbound ICMP Destination host unreachable message. I'm on a net that uses private IPs. The source IP is always one of two addresses. ...
  10. Replies
    9
    Views
    7,352

    Linux Server Break-In Challenge

    Saw this one on Slashdot and thought some on here might be interested. Linux Break-In Challenge

    Am I the only one that is too paranoid (or ethical) to do any of these? I'm always afraid that if...
  11. Replies
    12
    Views
    16,868

    Re: types of fire walls

    If it's filtering based on content, then it's more than likely an application layer proxy, not technically a firewall. The terminology has become more than a little skewed as perimeter devices...
  12. Replies
    5
    Views
    8,106

    I meant assigning different private IPs to the...

    I meant assigning different private IPs to the servers providing external services. The external interface on the firewall behind which these servers reside would maintain it's IP assignment(s). ...
  13. Replies
    5
    Views
    5,910

    Poll: I would tell the admin, but that's just me. I...

    I would tell the admin, but that's just me. I agree with other posters, however, that you shouldn't be assuming that this is a firewall misconfiguration. However, given the fact that are somehow...
  14. Replies
    11
    Views
    10,321

    That article on Knoppix is great. Does anyone...

    That article on Knoppix is great. Does anyone know if there is a similar way to use Knoppix to do spyware scanning as well?
  15. Replies
    5
    Views
    8,106

    How can I improve this setup?

    Okay, I was debating on posting this in the Newbie forums, but I'm not a newbie, and it's not really a newbie question, so here goes. I currently have a Cisco 2600 to my ISP with no ACLs. Behind...
  16. From what I've read, this is just a simple case...

    From what I've read, this is just a simple case of 'forgot to test our updates before we deploy them.' As bad as it is, we've come to expect this from our software vendors. However, it's a...
Results 1 to 16 of 16