RE: rogue IP address

["Chris Berry" <compjma () hotmail com>]

> From: "Burton M. Strauss III" <BStrauss () acm org>
> Try using tcpdump to see if you can sniff the packet streams and run
> something like strings on it.  It may give you login names etc. that you
> recognize.
>
> tcpdump -w x.raw -c50
> strings x.raw | grep USER
> strings x.raw | grep PASS   (Since people use their mail address for
> anonymous ftp)

Hey, that's pretty clever, I like that idea.  You'll probably end up have to 
go with one of the more brute force methods like switching things off till 
you isolate it though.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"This email is ROT26 encrypted, by reading it you are in violation of the 
DMCA, and should turn yourself in to the authorities immediately."

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail


---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------