[prev in list] [next in list] [prev in thread] [next in thread]
List: incidents
Subject: Re: Suspicious traffic w src & dst port 19161
From: Kyle Maxwell <krmaxwell () gmail ! com>
Date: 2005-04-29 3:58:37
Message-ID: 4f0e191c05042820586afb229b () mail ! gmail ! com
[Download RAW message or body]
On 4/28/05, Fergie (Paul Ferguson) <fergdawg@netzero.net> wrote:
> Any ideas? I can probably get a trace, but I thought I
> would ask the list first..
A trace would indeed be helpful. There was some discussion of what
might be related traffic on the Internet Storm Center last spring; see
http://isc.sans.org/diary.php?date=2004-05-18. Additional suggestions
were provided in http://isc.sans.org/diary.php?date=2004-06-01 (to
change the fragmentation detection settings).
I didn't see any more discussion on the ISC, so unless someone else on
the list knows more (hopefully!), your captures will probably be a big
help.
--
Kyle Maxwell
[krmaxwell@gmail.com]
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic