Does anyone know of a script that will check the syslog for any external connections on known malware ports? This will help to identify internal hosts that may be infected with certain viruses or malware.

We have a Cisco PIX sending its info to a Linux syslog. I have a list of known malware ports and can run a for loop against each line in the Syslog file.

Is there a good site that keeps track of known malware ports for download? Please send me any resources you may know of regarding identification of Malware via Syslog searching.

* Gregg Dotoli
* NADAP
* (W) (212)-986-1170 ext. 136
* (C) (973)-896-0452

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
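An added example, not part of the original post: one way to do the check described above is to parse each PIX "Built outbound" line once and look the destination port up in a set, rather than looping the port list over the file. The message format (PIX 6.3-style 302013/302015), the watchlist file layout, the port values and the log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: PIX 6.3-style "Built" messages 302013 (TCP) / 302015 (UDP).
BUILT = re.compile(
    r"%PIX-6-30201[35]: Built outbound (?P<proto>TCP|UDP) connection \d+ "
    r"for \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+) \(\S+\) "
    r"to \S+?:(?P<src>[\d.]+)/\d+"
)

# Constructed watchlist and log lines (documentation addresses), not real data.
SAMPLE_PORTS = """# one port per line
6667
12345   # trailing comments allowed
31337
"""
SAMPLE_LOG = """\
Jun  7 08:01:12 fw %PIX-6-302013: Built outbound TCP connection 4101 for outside:203.0.113.5/6667 (203.0.113.5/6667) to inside:10.0.0.12/1045 (192.0.2.1/1045)
Jun  7 08:01:13 fw %PIX-6-302013: Built outbound TCP connection 4102 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.0.0.15/2210 (192.0.2.1/2210)
Jun  7 08:01:15 fw %PIX-6-302013: Built inbound TCP connection 4103 for outside:198.51.100.9/6667 (198.51.100.9/6667) to inside:10.0.0.20/25 (192.0.2.2/25)
Jun  7 08:01:20 fw %PIX-6-302015: Built outbound UDP connection 4104 for outside:203.0.113.9/31337 (203.0.113.9/31337) to inside:10.0.0.12/1050 (192.0.2.1/1050)
"""

def load_ports(text):
    """Parse a watchlist: one port per line; '#' comments and blanks ignored."""
    ports = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.isdigit() and 0 < int(line) < 65536:
            ports.add(int(line))
    return ports

def scan(lines, ports):
    """Map each internal host to its outbound connections on watched ports."""
    hits = defaultdict(set)
    for line in lines:
        m = BUILT.search(line)
        # Only outbound sessions match, so inbound traffic is ignored.
        if m and int(m["dport"]) in ports:
            hits[m["src"]].add((m["proto"], m["dst"], int(m["dport"])))
    return {host: sorted(conns) for host, conns in hits.items()}

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines(), load_ports(SAMPLE_PORTS))
    for host, conns in found.items():
        for proto, dst, port in conns:
            print(f"{host} -> {dst}:{port}/{proto}")
```

A port match alone is a lead for follow-up on the internal host, since legitimate services can use the same port numbers.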
This archive was generated by hypermail 2b30 : Mon Jun 07 2004 - 08:02:46 PDT