Search:
Type: Posts; User: pennconservativ; Keyword(s):
Search:
Search took 0.02 seconds.
-
March 9th, 2005, 01:01 PM
My question would be why would you want to stay away from MS products? I realize that this opinion is a little different than what others posted, but I think that you're best served, and will be a...
-
March 9th, 2005, 12:45 AM
I don't think that there are too many people that would argue with their number one.
As far as what I would add, I don't know that I would necessarily add anything, but I would reword number six. ...
-
March 8th, 2005, 11:44 PM
Solved. It appears that two machines on my network had Sasser. The reason the connections weren't showing in netstat was because I just wasn't using the right switches. This is my gateway device,...
-
March 8th, 2005, 09:19 PM
The MAC matches, but if my host is compromised, shouldn't I be seeing a ton of open connections when I do 'netstat -l'? It's generating about 100 packets/second, so you would think that I would have...
-
March 8th, 2005, 07:43 PM
Okay, this keeps getting wierder. I powered down the computer that I was having problems with, but now when I do an Ethereal capture, I see a ton of scans for port 445 (microsoft-ds) originating...
-
March 8th, 2005, 05:49 PM
I disconnected it from the network as soon as I saw the scans. It has no critical data. I'm gonna boot to Knoppix to scan it and see what I find, then I'll rebuild the machine. If I'm able to...
-
March 8th, 2005, 05:44 PM
Yes, it's a business network. They are private IPs, so I can give you more information. The network that the problem host is on is 192.168.130.0/24. The packets I'm seeing are all SYNs from my...
-
March 8th, 2005, 05:27 PM
Okay, I definitely have a problem. I did an Ethereal capture, and there are a TON of SYN packets going from my machine to machines on the same subnet. What's so wierd is that they're getting...
-
March 8th, 2005, 05:04 PM
I started seeing a ton of messages in my IDS (Snort) showing inbound ICMP Destination host unreachable message. I'm on a net that uses private IPs. The source IP is always one of two addresses. ...
-
March 8th, 2005, 04:03 PM
Saw this one on Slashdot and thought some on here might be interested. Linux Break-In Challenge
Am I the only one that is too paranoid (or ethical) to do any of these? I'm always afraid that if...
-
March 7th, 2005, 12:57 PM
If it's filtering based on content, then it's more than likely an application layer proxy, not technically a firewall. The terminology has become more than a little skewed as perimeter devices...
-
March 6th, 2005, 05:27 PM
I meant assigning different private IPs to the servers providing external services. The external interface on the firewall behind which these servers reside would maintain it's IP assignment(s). ...
-
March 6th, 2005, 02:55 PM
I would tell the admin, but that's just me. I agree with other posters, however, that you shouldn't be assuming that this is a firewall misconfiguration. However, given the fact that are somehow...
-
March 6th, 2005, 02:49 PM
That article on Knoppix is great. Does anyone know if there is a similar way to use Knoppix to do spyware scanning as well?
-
March 6th, 2005, 02:42 PM
Okay, I was debating on posting this in the Newbie forums, but I'm not a newbie, and it's not really a newbie question, so here goes. I currently have a Cisco 2600 to my ISP with no ACLs. Behind...
-
March 6th, 2005, 01:57 AM
From what I've read, this is just a simple case of 'forgot to test our updates before we deploy them.' As bad as it is, we've come to expect this from our software vendors. However, it's a...
|
|