Results 1 to 3 of 3

Thread: Firewall forensics revisited

  1. #1
    Senior Member
    Join Date
    Aug 2003

    Firewall forensics revisited

    Got a question that has had me tugging at my hair for the last few days. I've been noticing some unusual activity in my firewall logs the last few days, but no big deal because they are all getting knocked down.

    Through various means, I can find out what services are running on what ports, what services are assigned, etc. However, what I can't seem to find anything that goes more in depth.

    For example, tonight I had a ping at port 3065. I don't really care if it was normal, it was just that it was something I hadn't seen before. It was blocked, so again, no big deal. My firewall tells me that it was for splinterbase, view.atdmt.com, etc. So I go to try to find out what splinterbase is, but all I can find on Google is port listings, no explanation of what the hell it is.

    Is there some resource somewhere that explains what some of these services are? I hate to keep asking here when it's something (I think) I should be able to find on my own.


  2. #2
    Junior Member
    Join Date
    Sep 2003
    Hi Groovicus,

    Try following this link

    It is an article on the Borland site relating to an Interbase security hole

    Might provide some insight to your system prodder's objective.

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Harumph... thats probably why I could find anythng...I Googled Interbase and found tons. (Thanks Vectra)

    So to follow up my original question, does anybody have any particular resources they use when checking out things like the above mentioned? (besides Google)....does one search engine work better than another for technical information? I haven't found that to be the case, but maybe I am missing something.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts