Type: Posts; User: Mykol; Keyword(s):

  1. Thread: Any advice

    by Mykol
    Replies
    19
    Views
    34,469

    Did I miss this part in all this discussion: ...

    Did I miss this part in all this discussion: what are common denominators each time? User and hardware, if I read it right (granted, I only skimmed the postings). Random BSODs are going to be a...
  2. Note on morganlefay's comment: Do you allow p2p?...

    Note on morganlefay's comment: Do you allow p2p?

    If someone installed a p2p or sharing client, it will go out on port 80 (usually) and advertise itself as participating on the network. Others...
  3. Replies
    5
    Views
    13,494

    Don't overlook the fact that they made it there...

    Don't overlook the fact that they made it there in the first place. More important than fixing the damage right now is to concentrate on finding out how they got there in the first place: fix that...
  4. Replies
    20
    Views
    27,535

    Oh "human errer" you have much to learn, young...

    Oh "human errer" you have much to learn, young Jedi.

    Finding and suing the spammers is impossible next only to getting Microsoft to fix security issues....

    In one case, you'd have to travel to...
  5. Replies
    6
    Views
    12,257

    Debts fall into several categories, usually...

    Debts fall into several categories, usually ranked by likelihood of being able to collect on them. Some debt collections companies will "buy" groups of them (well, the information of the...
  6. Replies
    1
    Views
    4,765

    anyone familiar with nemesis dns?

    I'm generating custom packets to test some IDS rules and using nemesis dns, in this case. The documentation says I can feed it a payload file (which is perfect, 'cause I can then tweak specific...
  7. Replies
    8
    Views
    18,279

    Never found out what this was. But that's...

    Never found out what this was. But that's something I hadn't thought of, nihil. I saw something like this a few months ago where a user downloaded a streaming viewer -- malware alarms never went off...
  8. Replies
    8
    Views
    18,279

    Good ideas. Admin claims no malware (although I'm...

    Good ideas. Admin claims no malware (although I'm skeptical). I'm thinking it must be a "legit" tool (users CAN install pretty much whatever they want in our university environment). The file...
  9. Replies
    8
    Views
    18,279

    Snort reported UDP scans

    Anyone seen this type of activity?:

    On 11/29, an internal workstation appeared to perform UDP portscans to 27 unique external IPs. All the external addresses examined were foreign (mostly Brazil...
  10. Replies
    3
    Views
    11,492

    I was thinking along those lines, but I can't any...

    I was thinking along those lines, but I can't any information on what "normal" behavior would look like (like someone not forgetting to log off). My thoughts are that if it was normal: I'd see it more...
  11. Replies
    3
    Views
    11,492

    unusual file transfer, I think...

    My Snort shows me plenty of Yahoo file transfers, and we don't care about them normally; just the ones that happen at odd hours (which aren't too many). I can't tell if this is legitimate, or if...
  12. Replies
    9
    Views
    9,139

    echo the Unix pitch...

    If you're going to get serious about network monitoring and such -- you really should invest some energy into a Unix/Linux box...
  13. Replies
    2
    Views
    10,304

    thanks

    Hmm, guess I'll have to start looking closer then... no "good" reason for this behavior.

    Thanks for the input.
    ~m
  14. Replies
    2
    Views
    10,304

    Instant messenger behavior

    So, I'm looking at my Snort logs with a focus on looking for odd after-hours type of file-transfer nastiness, and I keep seeing Yahoo IM logons from the same box at random late-night hours during the...
  15. Replies
    2
    Views
    17,395

    don't know if this input will help, but...

    We have both here and the analyst that monitors them says TP is easier to work with. I've only set up and used the SF box for a short time and found it to be clunky (slow interface) -- and that was...
  16. Thread: USB Interference

    by Mykol
    Replies
    19
    Views
    17,875

    RF noise

    Although I don't have one anymore (AA - crackberry meetings took care of that), everyone I know currently with one and myself, just got used to hearing occasional bursts of static on any PC speaker...
  17. Replies
    13
    Views
    20,059

    yep

    ...that's what I was leading to -- an update, or a certificate update. Just wondering if anyone had any insight on anything *else* that may be going on. If it were Internet Exploder, I'd immediately...
  18. Replies
    13
    Views
    20,059

    FireFox calling home?

    I just happened to be running Wireshark doing some other stuff and noticed a very short SSL exchange happen. I had Firefox open, but only on a couple of regular http pages. Any ideas? I didn't think...
  19. Replies
    0
    Views
    6,667

    volume shadow copy service

    This may be old news to you, but it was new to me... I was reading about Vista and volume shadow copy on /. (http://it.slashdot.org/it/07/07/14/071237.shtml) when I decided to try running...
  20. Replies
    10
    Views
    16,018

    open-ness of our network

    Agree on the need to lock down more, but I've got one word for ya: university. Need I say more...?
  21. Replies
    10
    Views
    16,018

    you beat me to it!

    dang, you beat me to the punch -- I just saw that...!

    http://pages.tvunetworks.com/doc/whatis.html

    I'm only assuming that the user did NOT install the broadcasting application; or even if he...
  22. Replies
    13
    Views
    5,682

    amazing that pump-n-dumps still actually work......

    amazing that pump-n-dumps still actually work... (assuming that they must or they wouldn't be still used).
  23. Replies
    2
    Views
    14,921

    thanks

    cool. Thanks. didn't think of a big ol' NOT...

    will try it out.
  24. Replies
    10
    Views
    16,018

    unusual traffic outbound and TVUPlayer

    I've just started the forensics on this, but wanted to see if anyone had a similar experience with this software... A user downloaded/installed/used a TV viewer (http://tvunetworks.com/) -- the our...
  25. Replies
    2
    Views
    14,921

    writing Snort rules

    I'm learning to write Snort rules. Wow, some are really straightforward, and some are "out there."

    It occurred to me that Snort is really busy -- after going through some of the thousands of...