Search:
Type: Posts; User: Mykol; Keyword(s):
-
February 28th, 2011, 05:35 PM
Did I miss this part in all this discussion: what are common denominators each time? User and hardware, if I read it right (granted, I only skimmed the postings). Random BSODs are going to be a...
-
February 25th, 2011, 04:04 PM
Note on morganlefay's comment: Do you allow p2p?
If someone installed a p2p or sharing client, it will go out on port 80 (usually) and advertise itself as participating on the network. Others...
-
February 25th, 2011, 03:59 PM
Don't overlook the fact that they made it there in the first place. More important than fixing the damage right now is to concentrate on finding out how they got there in the first place: fix that...
-
February 25th, 2011, 03:56 PM
Oh "human errer" you have much to learn, young Jedi.
Finding and suing the spammers is impossible next only to getting Microsoft to fix security issues....
In one case, you'd have to travel to...
-
February 25th, 2011, 03:51 PM
Debts fall into several categories, usually ranked by likelihood of being able to collect on them. Some debt collections companies will "buy" groups of them (well, the information of the...
-
January 16th, 2008, 04:25 PM
I'm generating custom packets to test some IDS rules and using nemesis dns, in this case. The documentation says I can feed it a payload file (which is perfect, 'cause I can then tweak specific...
-
December 13th, 2007, 06:39 PM
Never found out what this was. But that's something I hadn't thought of, nihil. I saw something like this a few months ago where a user downloaded a streaming viewer -- malware alarms never went off...
-
December 10th, 2007, 05:06 PM
Good ideas. Admin claims no malware (although I'm skeptical). I'm thinking it must be a "legit" tool (users CAN install pretty much whatever they want in our university environment). The file...
-
December 5th, 2007, 03:17 PM
Anyone seen this type of activity?:
On 11/29, an internal workstation appeared to perform UDP portscans to 27 unique external IPs. All the external addresses examined were foreign (mostly Brazil...
-
December 5th, 2007, 03:13 PM
I was thinking along those lines, but I can't find any information on what "normal" behavior would look like (like someone not forgetting to log off). My thoughts are that if it was normal: I'd see it more...
-
December 3rd, 2007, 03:27 PM
My Snort shows me plenty of Yahoo file transfers, and we don't care about them normally; just the ones that happen at odd hours (which aren't too many). I can't tell if this is legitimate, or if...
-
September 24th, 2007, 03:16 PM
If you're going to get serious about network monitoring and such -- you really should invest some energy into a Unix/Linux box...
-
September 19th, 2007, 05:52 PM
Hmm, guess I'll have to start looking closer then... no "good" reason for this behavior.
Thanks for the input.
~m
-
September 17th, 2007, 02:08 PM
So, I'm looking at my Snort logs with a focus on looking for odd after-hours type of file-transfer nastiness, and I keep seeing Yahoo IM logons from the same box at random late-night hours during the...
-
September 17th, 2007, 02:02 PM
We have both here and the analyst that monitors them says TP is easier to work with. I've only set up and used the SF box for a short time and found it to be clunky (slow interface) -- and that was...
-
July 26th, 2007, 02:53 PM
Although I don't have one anymore (AA - crackberry meetings took care of that), everyone I know currently with one and myself, just got used to hearing occasional bursts of static on any PC speaker...
-
July 25th, 2007, 03:45 PM
...that's what I was leading to -- an update, or a certificate update. Just wondering if anyone had any insight on anything *else* that may be going on. If it were Internet Exploder, I'd immediately...
-
July 25th, 2007, 01:45 PM
I just happened to be running Wireshark doing some other stuff and noticed a very short SSL exchange happen. I had Firefox open, but only on a couple of regular http pages. Any ideas? I didn't think...
-
July 16th, 2007, 03:18 PM
This may be old news to you, but it was new to me... I was reading about Vista and volume shadow copy on /. (http://it.slashdot.org/it/07/07/14/071237.shtml) when I decided to try running...
-
July 16th, 2007, 03:14 PM
Agree on the need to lock down more, but I've got one word for ya: university. Need I say more...?
-
July 12th, 2007, 08:28 PM
dang, you beat me to the punch -- I just saw that...!
http://pages.tvunetworks.com/doc/whatis.html
I'm only assuming that the user did NOT install the broadcasting application; or even if he...
-
July 12th, 2007, 07:47 PM
amazing that pump-n-dumps still actually work... (assuming that they must or they wouldn't be still used).
-
July 12th, 2007, 07:34 PM
cool. Thanks. didn't think of a big ol' NOT...
will try it out.
-
July 12th, 2007, 07:29 PM
I've just started the forensics on this, but wanted to see if anyone had a similar experience with this software... A user downloaded/installed/used a TV viewer (http://tvunetworks.com/) -- the our...
-
June 26th, 2007, 08:54 PM
I'm learning to write snort rules. Wow, some are really straightforward, and some are "out there."
It occurred to me that Snort is really busy -- after going through some of the thousands of...