
List:       incidents
Subject:    Re: Suspicious traffic w src & dst port 19161
From:       Kyle Maxwell <krmaxwell () gmail ! com>
Date:       2005-04-29 3:58:37
Message-ID: 4f0e191c05042820586afb229b () mail ! gmail ! com

On 4/28/05, Fergie (Paul Ferguson) <fergdawg@netzero.net> wrote:
> Any ideas? I can probably get a trace, but I thought I
> would ask the list first..

A trace would indeed be helpful. There was some discussion of what
might be related traffic on the Internet Storm Center last spring; see
http://isc.sans.org/diary.php?date=2004-05-18. Additional suggestions
were provided in http://isc.sans.org/diary.php?date=2004-06-01 (to
change the fragmentation detection settings).

I didn't see any more discussion on the ISC, so unless someone else on
the list knows more (hopefully!), your captures will probably be a big
help.

-- 
Kyle Maxwell
[krmaxwell@gmail.com]
