April 27th, 2003, 09:30 PM
Common Incoming TCP/UDP Traffic
I found this link recently and thought I'd share its informational wealth. This is a great explanation and breakdown of all kinds of traffic that you might be seeing in your firewall logs.
Anyways, it's *loaded* with information on everything from Trojans and Registrar Databases to ICMP traffic and Tracerouting. Check it out.
(I put it under this forum because it's mainly about Firewall Logs.)
The object of war is not to die for your country but to make the other bastard die for his - George Patton
April 27th, 2003, 09:50 PM
This looks excellent from what I've read so far. It seems this page would be excellent resource for newbs, and a valuable resource for the experienced.
April 27th, 2003, 11:41 PM
April 27th, 2003, 11:46 PM
Shag Devil,this one newbie thanx you a lot for your effort.walter.
April 28th, 2003, 12:25 AM
Quallity link thanks for the info
April 28th, 2003, 09:07 AM
A good link, but unfortunatly not exhaustive! I would not base my sec policy on it ...
just an example: Evilbots & other IRC's that use port udp/6667 & udp/6668 to rcv/send info from/to the attacker.
These bots can be easily found in the net or be programmed. Sript kiddies love it...
[shadow] SHARING KNOWLEDGE[/shadow]