Type: Posts; User: Mykol; Keyword(s):
-
February 28th, 2011 04:35 PM
Did I miss this part in all this discussion: what are common denominators each time? User and hardware, if I read it right (granted, I only skimmed the postings). Random BSODs are going to be a...
-
February 25th, 2011 03:04 PM
Note on morganlefay's comment: Do you allow p2p?
If someone installed a p2p or sharing client, it will go out on port 80 (usually) and advertise itself as participating on the network. Others...
-
February 25th, 2011 02:59 PM
Don't overlook the fact that they made it there in the first place. More important than fixing the damage right now is to concentrate on finding out how they got there in the first place: fix that...
-
February 25th, 2011 02:56 PM
Oh "human errer" you have much to learn, young Jedi.
Finding and suing the spammers is impossible next only to getting Microsoft to fix security issues....
In one case, you'd have to travel to...
-
February 25th, 2011 02:51 PM
Debts fall into several categories, usually ranked by likelihood of being able to collect on them. Some debt collections companies will "buy" groups of them (well, the information of the...
-
January 16th, 2008 03:25 PM
I'm generating custom packets to test some IDS rules and using nemesis dns, in this case. The documentation says I can feed it a payload file (which is perfect, 'cause I can then tweak specific...
-
December 13th, 2007 05:39 PM
Never found out what this was. But that's something I hadn't thought of, nihil. I saw something like this a few months ago where a user downloaded a streaming viewer -- malware alarms never went off...
-
December 10th, 2007 04:06 PM
Good ideas. Admin claims no malware (although I'm skeptical). I'm thinking it must be a "legit" tool (users CAN install pretty much whatever they want in our university environment). The file...
-
December 5th, 2007 02:17 PM
Anyone seen this type of activity?:
On 11/29, an internal workstation appeared to perform UDP portscans to 27 unique external IPs. All the external addresses examined were foreign (mostly Brazil...
-
December 5th, 2007 02:13 PM
I was thinking along those lines, but I can't find any information on what "normal" behavior would look like (like someone not forgetting to log off). My thoughts are that if it was normal: I'd see it more...
-
December 3rd, 2007 02:27 PM
My Snort shows me plenty of Yahoo file transfers, and we don't care about them normally; just the ones that happen at odd hours (which aren't too many). I can't tell if this is legitimate, or if...
-
September 24th, 2007 03:16 PM
If you're going to get serious about network monitoring and such -- you really should invest some energy into a Unix/Linux box...
-
September 19th, 2007 05:52 PM
Hmm, guess I'll have to start looking closer then... no "good" reason for this behavior.
Thanks for the input.
~m
-
September 17th, 2007 02:08 PM
So, I'm looking at my Snort logs with a focus on looking for odd after-hours type of file-transfer nastiness, and I keep seeing Yahoo IM logons from the same box at random late-night hours during the...
-
September 17th, 2007 02:02 PM
We have both here and the analyst that monitors them says TP is easier to work with. I've only set up and used the SF box for a short time and found it to be clunky (slow interface) -- and that was...
-
Although I don't have one anymore (AA - crackberry meetings took care of that), everyone I know currently with one and myself, just got used to hearing occasional bursts of static on any PC speaker...
-
...that's what I was leading to -- an update, or a certificate update. Just wondering if anyone had any insight on anything *else* that may be going on. If it were Internet Exploder, I'd immediately...
-
I just happened to be running Wireshark doing some other stuff and noticed a very short SSL exchange happen. I had Firefox open, but only on a couple of regular http pages. Any ideas? I didn't think...
-
This may be old news to you, but it was new to me... I was reading about Vista and volume shadow copy on /. (http://it.slashdot.org/it/07/07/14/071237.shtml) when I decided to try running...
-
Agree on the need to lock down more, but I've got one word for ya: university. Need I say more...?
-
dang, you beat me to the punch -- I just saw that...!
http://pages.tvunetworks.com/doc/whatis.html
I'm only assuming that the user did NOT install the broadcasting application; or even if he...
-
amazing that pump-n-dumps still actually work... (assuming that they must or they wouldn't be still used).
-
cool. Thanks. didn't think of a big ol' NOT...
will try it out.
-
I've just started the forensics on this, but wanted to see if anyone had a similar experience with this software... A user downloaded/installed/used a TV viewer (http://tvunetworks.com/) -- the our...
-
I'm learning to write snort rules. Wow, some are really straightforward, and some are "out there."
It occurred to me that Snort is really busy -- after going through some of the thousands of...