Results 1 to 10 of 26

Thread: A packet analysis challenge

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

February 14th, 2003, 04:22 PM #9
obake_hakkaa

View Profile

View Forum Posts

Visit Homepage
Junior Member

Join Date

Feb 2003

Posts

15
I too find the "wintask" packets interesting. Notice that both syn packets contain an ack which means this is a responce to something.

It looks like the attacker is testing the FTP server abilities by uploading and downloading the same file, which points to a pub scanning tool. ( it's a one kilo byte test file ...1KBTEST".. also note the "wintask" packet that contains the string "testtesttesttest" and 1KB of data)

The deleting of the space.asp file also matches the sig of a pub scanner. (Grim??)

Thoughts ??

Ferengi Rules of Acquisition:

Rule 59 Free advice is seldom cheap.
Reply With Quote

Quick Navigation Computer Forensics Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: A packet analysis challenge

Thread Tools

Display

Threaded View

Posting Permissions