Security Basics mailing list archives
Re: pc generating unauthorized http scans
From: "Salvador III Manaois" <badzmanaois () gmail com>
Date: Fri, 21 Nov 2008 00:26:08 +0800
Hi Donald, Are the scans occurring randomly or only during certain times of the day? It could be possible that your machine has been compromised and is being used as a launching pad for further attacks or scans (zombie). Or a malware could have infected your PC which tries to scan other vulnerable systems in your network. There are a lot of possibilities here. You should consult your corporate legal officer as to which step to take. You may have to take the machine offline and have the HDD go through forensics analysis. Look for rogue services or malicious processes and auto-starting apps. Use Sysinternals' autoruns or msconfig to sift through all the autostart entries. Run a full scan of the system to check for potential malware infection. Check for listening ports (do not use netstat, rather use fport or tcpview) and the processes attached to these ports; a hacker or a malware could be using this to "call-home." Regards, Salvador Manaois III MCITP | Server/Enterprise Administrator C|EH CIWA MCSE MCSA MCTS Bytes & Badz: http://badzmanaois.blogspot.com On Thu, Nov 20, 2008 at 7:54 AM, Donald Raikes <DON.RAIKES () oracle com> wrote:
Hello, Recently, our corporate security team identified that my windows xp pc was performing a number of http scans of other systems within our network. I am not running any kind of scans, nor have I authorized anything to run such scans. How can I determine what is performing these scans?
Current thread:
- pc generating unauthorized http scans Donald Raikes (Nov 20)
- RE: pc generating unauthorized http scans Julio Crespo (Nov 20)
- Re: pc generating unauthorized http scans Salvador III Manaois (Nov 20)
- Re: pc generating unauthorized http scans Shreyas Zare (Nov 20)
- Re: pc generating unauthorized http scans J. Oquendo (Nov 20)
- <Possible follow-ups>
- RE: pc generating unauthorized http scans Donald Raikes (Nov 20)
- Re: pc generating unauthorized http scans infolookup (Nov 20)
- Re: pc generating unauthorized http scans krymson (Nov 25)