----- Original Message -----
From: "H C" <keydet89at_private>

> I'm really kind of surprised that a CISSP is taking
> this approach to such a problem.

Why? What is wrong in asking the community when one has done all the research he was able to do? Isn't it what this list is for? And how do you know why he is asking - maybe his security policy asks him to investigate this specific case?

> packets headed for this port. Fine. *How* did they
> find them? Were they dropped by a firewall? If
> so...so what? Better to spend the time on things that
> matter than chasing after shiny objects.

Again, I prefer not to teach a person to do his job unless I am asked for this :) Maybe this system is so critical that it is needed to investigate the slightest possibility of compromise/unknown exploit? And what is wrong with pure curiosity? :)

> Were they logged by an IDS? If so, what data is
> carried in the datagram?

He said it was a scan, so presumably the data portion was empty.

> this group, maybe what they can do is identify the
> systems using the destination IPs of the datagrams,
> then go to those boxes and run fport.exe (NT/2K) or
> 'netstat -ano' (XP) or lsof (Linux) to see if anything
> *is*, in fact, listening on that port.

If they find nothing, this still will not answer the question on what the scanning person was looking for.

Regards,
Vitaly.

P.S. Yes, I'm a CISSP too :)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com