Type: Posts; User: tolstoy; Keyword(s):
-
March 23rd, 2004, 12:18 PM
Thanks for the reply, Net2Infinity. The time stamp on the file does coincide somewhat with my CF install. Nothing on Macromedia's site about that file however. I may have to give them a call as you...
-
March 22nd, 2004, 02:04 AM
I did the install for the box myself, but an outside vendor has been taking care of it for the most part (they have a DB app on it that runs off ColdFusion). I hate to admit it, but other than...
-
March 20th, 2004, 01:21 AM
To answer Net2Infinity's question, this box is running cold fusion.
Also, this box is at the most current service packs and hotfixes, and usually receives these within a few days of their releases....
-
March 19th, 2004, 07:14 PM
Recently I have found an app called NTAdminRights.exe in the root of my C: Drive on one of my IIS servers in my DMZ. I am running on the assumption that this prog got there via an IIS exploit (that...
-
November 24th, 2003, 08:26 PM
Whether or not you run your NIC in promiscuous mode or not, you very highly doubt you are not going to see non-broadcast traffic. I'm sure your ISP will tell you it is unacceptable to run a sniffer,...
-
July 24th, 2003, 05:55 PM
Thanks for the link. I did browse the good old man page from the cli. I guess you are probably right and I'll try being a little less verbose and see if that helps some.
-
July 24th, 2003, 05:02 PM
Ok, I've been dumping a lot of traffic with the command: tcpdump -i eth1 -s 1500 -X -vvv -w packetlog.
Now, when I try to read the capture into Ethereal (on Windows) it crashes the app and tells...
-
July 22nd, 2003, 10:03 PM
I'm still seeing these occasional alerts as well. They are being generated by three boxes on my network, one being a sendmail box (just like you), but the other two are Win2k Pro, and are the...
-
July 22nd, 2003, 04:18 PM
If ident is triggering these snort alerts, the original destination port listed in the alert should be 113. In some of the alerts you have posted, I have seen other destination ports referenced...
-
July 15th, 2003, 02:28 AM
I, as well, am still seeing a few of these alerts on my IDS. Though I have not figured them out, I can attest that they are NOT the result of spoofed traffic, but are the result of hosts on my LAN...
-
July 10th, 2003, 03:43 PM
Like I said, the only thing that makes me wonder about this traffic is that we also block all ICMP traffic, inbound and outbound. So I looked at these alerts and said "Humm, how the hell did that get...
-
July 10th, 2003, 03:21 AM
I've been seeing the same type of alerts on my snort box. I usually get one or two every few days and have yet to figure them out either. The ICMP messages seem to be directed back to boxes on my...
-
June 26th, 2003, 08:56 PM
Has anyone used this (FinJan Surfin Gate) or have any opinions on it? I was thinking of using it as a web proxy but was wondering if anyone out there can give me any advice from the field.
-
June 24th, 2003, 10:28 PM
RAS is M$'s Remote Access Server. It's built into Win2k Server. Most books that cover Win2k Server administration usually have a chapter or two on RAS.
Now when you say that this is not going to...
-
June 23rd, 2003, 11:51 PM
I would not be that reluctant to set up a RAS server. It does sound like what you are looking for, and as far as I remember, you can encrypt the traffic between the two end points. RAS can be...
-
June 17th, 2003, 04:32 PM
Thanks Networker. So far, my counters on that interface have been fairly clear.
-
June 17th, 2003, 03:27 PM
I guess I mean port monitoring. I have also heard people refer to it as port spanning--Cisco Switched Port Analyzer (SPAN). In other words, running the IOS command:
My_Switch(config-if)#port...
-
June 17th, 2003, 02:28 PM
I don't know if this is the right place to ask this, but since it involves traffic monitoring somewhat, I'm hoping someone here will have the answer. I am currently spanning a small VLAN (approx 15...
-
June 12th, 2003, 12:31 PM
To disagree with myself, and agree with Ronin, if you have the money, multiple sensors on multiple boxes is definitely the way to go. Also, depending on the amount of traffic on your LAN/WAN, one box...
-
June 12th, 2003, 01:29 AM
They already have an AV software, it's called Windows Update. :p Talk about total crap--they sell a defective, completely exploitable product, then they sell you the stuff to protect and fix it....
-
June 12th, 2003, 01:24 AM
Mirroring, monitoring or spanning (whatever you want to call it) simply copies all traffic destined to one port to an additional (or monitoring) port. So if you span your FastEthernet switch ports...
-
June 11th, 2003, 11:26 PM
I would think about doing this:
1) I would think about replacing your DMZ switch with a hub, or at least spanning the port that leads to your DMZ router. If your DMZ is on its own VLAN, then you...
-
June 11th, 2003, 10:27 PM
Thanks Vic, worked like a charm. I had thought to take rule precedence into account, but I never thought to make a NAT rule that actually specified no NAT at all. Like you suggested, my top-most rule...
-
June 11th, 2003, 10:04 PM
Are you familiar with what boxes or services sit at those IP addresses? Like running an IDS, monitoring firewall logs sometimes forces you to become very familiar with your LAN traffic patterns.
-
June 11th, 2003, 04:46 AM
Thanks for all the help, but nothing I have tried so far has worked (ok, I haven't really had enough quality time to sit down and tackle this head-on yet), but here are my thoughts-->
1)...