Security Basics mailing list archives
RE: IPS log analysis
From: "Sergio Castro" <sergio.castro () unicin net>
Date: Mon, 12 May 2008 13:58:57 -0500
Hi Erika,

Nmap can easily spoof IPs using -S <IP_Address>. Does that answer your question? Or were you looking for a down-to-the-packet answer?

As to what the attackers are trying to do, well, changing the password and running executables is the aim of every single black hat out there :)

Question for you: if the DB is not supposed to have any traffic, why does it have a public IP assigned?

- Sergio

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of erika_cissp () yahoo com
Sent: Monday, May 12, 2008 11:58 a.m.
To: security-basics () securityfocus com
Subject: Re: IPS log analysis

This is from TippingPoint central management console. I'd really like to know:

- How they are forging the source IP to appear as if it is on the same class C as the destination (there should be no traffic to this DB)
- What they are trying to do. I did some research and it looks as if they are trying to change the password and then run an executable.

Any ideas?

Thanks in advance