[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    Re: pc generating unauthorized http scans
From:       krymson () gmail ! com
Date:       2008-11-25 14:30:16
Message-ID: 200811251430.mAPEUGeK006162 () www3 ! securityfocus ! com
[Download RAW message or body]

Isn't that a question for the security team that identified your computer? I find it \
irresponsible to point out a security threat and then leave the user to figure out \
what is going on, especially if this is a system they own and even more especially if \
you're not an admin on it.

You should ask that security team what they detected and how they detected it. Is it \
bursting at certain times of day, or is it very regular? Where is it going? What is \
that traffic trying to do, just find open port 80 connections?

I would otherwise look at the other suggestions. Check output from Wireshark and \
TCPView and see what you can find out. But I'm ultimately disappointed in that \
security team...

<- snip ->
Hello,
Recently, our corporate security team identified that my windows xp pc was performing \
a number of http scans of other systems within our network.

I am not running any kind of scans, nor have I authorized anything to run such scans.

How can I determine what is performing these scans?


[prev in list] [next in list] [prev in thread] [next in thread]