October 2nd, 2003, 05:09 AM
Firewall forensics revisited
Got a question that has had me tugging at my hair for the last few days. I've been noticing some unusual activity in my firewall logs the last few days, but no big deal because they are all getting knocked down.
Through various means, I can find out what services are running on what ports, what services are assigned, etc. However, what I can't seem to find anything that goes more in depth.
For example, tonight I had a ping at port 3065. I don't really care if it was normal, it was just that it was something I hadn't seen before. It was blocked, so again, no big deal. My firewall tells me that it was for splinterbase, view.atdmt.com, etc. So I go to try to find out what splinterbase is, but all I can find on Google is port listings, no explanation of what the hell it is.
Is there some resource somewhere that explains what some of these services are? I hate to keep asking here when it's something (I think) I should be able to find on my own.
October 2nd, 2003, 01:46 PM
Try following this link
It is an article on the Borland site relating to an Interbase security hole
Might provide some insight to your system prodder's objective.
October 2nd, 2003, 02:58 PM
Harumph... thats probably why I could find anythng...I Googled Interbase and found tons. (Thanks Vectra)
So to follow up my original question, does anybody have any particular resources they use when checking out things like the above mentioned? (besides Google)....does one search engine work better than another for technical information? I haven't found that to be the case, but maybe I am missing something.