Search:

Type: Posts; User: tolstoy; Keyword(s):

Page 1 of 2 1 2

Search: Search took 0.01 seconds.

  1. Replies
    12
    Views
    4,927

    Thanks for the reply, Net2Infinity. The time...

    Thanks for the reply, Net2Infinity. The time stamp on the file does coinside somewhat with my CF install. Nothing on Macromedia's site about that file however. I may have to give them a call as you...
  2. Replies
    12
    Views
    4,927

    I did the install for the box myself, but an...

    I did the install for the box myself, but an outside vendor has been taking care of it for the most part (they have a DB app on it that runs off ColdFusion). I hate to admit it, but other than...
  3. Replies
    12
    Views
    4,927

    To answer Net2Infinity's question, this box is...

    To answer Net2Infinity's question, this box is running cold fusion.
    Also, this box is at the most current service packs and hotfixes, and usually recieves these within a few days of their releases....
  4. Replies
    12
    Views
    4,927

    I have been violated!

    Recently I have found an app called NTAdminRights.exe in the root of my C: Drive on one of my IIS servers in my DMZ. I am running on the assumption that this prog got there via and IIS exploit (that...
  5. Replies
    11
    Views
    10,038

    Whether or not you run your nic in promiscous...

    Whether or not you run your nic in promiscous mode or not, you very highly doubt you are not going to see non-broadcast traffic. I'm sure your ISP will tell you it is unacceptable to run a sniffer,...
  6. Thread: tcpdump help

    by tolstoy
    Replies
    5
    Views
    34,992

    Thanks for the link. I did browse the good old...

    Thanks for the link. I did browse the good old man page from the cli. I guess you are probably right and I'll try being a little less verbose and see if that helps some.
  7. Thread: tcpdump help

    by tolstoy
    Replies
    5
    Views
    34,992

    tcpdump help

    Ok, I've been tumping a lot of traffic with the command: tcpdump -i eth1 -s 1500 -X -vvv -w packetlog.

    Now, when I try to read the capture into Etherreal (on Windows) it crashes the app and tells...
  8. I'm still seeing these occassionaly alerts as...

    I'm still seeing these occassionaly alerts as well. They are being generated by three boxes on my network, one being a sendmail box (just like you), but the other two are Win2k Pro, and are the...
  9. If ident is triggering these snort alerts, the...

    If ident is triggering these snort alerts, the original destination port listed in the alert should be 113. In some of the alerts you have posted, I have seen other destination ports referneced...
  10. I, as well, am still seeing a few of these alerts...

    I, as well, am still seeing a few of these alerts on my IDS. Though I have not figured them out, I can attest that they are NOT the result of spoofed traffic, but are the result of hosts on my LAN...
  11. Like I said, the only thing that makes my wonder...

    Like I said, the only thing that makes my wonder about this traffic is that we also block all ICMP traffic, inbound and outbound. So I looked at these alerts and said "Humm, how the hell did that get...
  12. I've been seeing the same type of alerts on my...

    I've been seeing the same type of alerts on my snort box. I usually get one or two every few days and have yet to figure them out either. The ICMP messages seem to be directed back to boxes on my...
  13. Replies
    0
    Views
    3,751

    FinJan Surfin Gate

    Has anyone used this (FinJan Surfin Gate) or have any opinions on it? I was thinking of using it as a web proxy but was wondering if anyone out there can give me any advice from the field.
  14. Replies
    12
    Views
    7,781

    RAS is M$'s Remote Access Server. It's built into...

    RAS is M$'s Remote Access Server. It's built into Win2k Server. Most books that cover Win2k Server administration usually have a chapter or two on RAS.

    Now when you say that this is not going to...
  15. Replies
    12
    Views
    7,781

    I would not be that reluctant to set up a RAS...

    I would not be that reluctant to set up a RAS server. It does sound like what you are looking for, and as far as I remember, you can encrypt the traffic between the two end points. RAS can be...
  16. Replies
    8
    Views
    11,037

    Thanks Networker. So far, my counters on that...

    Thanks Networker. So far, my counters on that interface have been fairly clear.
  17. Replies
    8
    Views
    11,037

    I guess I mean port monitoring. I have also heard...

    I guess I mean port monitoring. I have also heard people refer to it as port spanning--Cisco Switched Port Analyzer (SPAN). In other words, running the IOS command:

    My_Switch(config-if)#port...
  18. Replies
    8
    Views
    11,037

    Cisco span port

    I don't know if this is the right place to ask this, but since it involves traffic monitoring somewhat, I'm hoping someone here will have the answer. I am currently spanning a small VLAN (approx 15...
  19. Replies
    10
    Views
    11,635

    To disagree with myself, and agree with Ronin, if...

    To disagree with myself, and agree with Ronin, if you have the money, multiple sensors on multiple boxes is definately the way to go. Also, depending on the amount of traffic on your LAN/WAN, one box...
  20. Replies
    18
    Views
    20,210

    They already have an AV software, its called...

    They already have an AV software, its called windows update. :p Talk about total crap--they sell a defective, completely exploitable product, then they sell you the stuff to protect and fix it....
  21. Replies
    10
    Views
    11,635

    Mirroring, monitoring or spanning (whatever you...

    Mirroring, monitoring or spanning (whatever you want to call it) simply copies all traffic destined to one port to an additional (or monitoring) port. So if you span your FastEthernet switch ports...
  22. Replies
    10
    Views
    11,635

    I would think about doing this: 1) I would...

    I would think about doing this:

    1) I would think about replacing your DMZ switch with a hub, or at least spanning the port that leads to your DMZ router. If your DMZ is on its own VLAN, then you...
  23. Replies
    6
    Views
    6,334

    Thanks Vic, worked like a charm. I had thought to...

    Thanks Vic, worked like a charm. I had thought to take rule precidence into account, but I never thought to make a NAT rule that actually specified no NAT at all. Like you suggested, my top-most rule...
  24. Replies
    5
    Views
    7,624

    Are you familiar with what boxes or services sit...

    Are you familiar with what boxes or services sit at those IP addresses? Like running and IDS, monitoring firewall logs sometimes forces you to become very familiar with your LAN traffic patterns.
  25. Replies
    6
    Views
    6,334

    Thanks for all the help, but nothing I have tried...

    Thanks for all the help, but nothing I have tried so far has worked (ok, I haven't really had enough quality time to sit down and tackle this head-on yet), but here are my thoughts-->

    1)...
Results 1 to 25 of 35
Page 1 of 2 1 2