Re: pc generating unauthorized http scans

["Salvador III Manaois" <badzmanaois () gmail com>]

Hi Donald,

Are the scans occurring randomly or only during certain times of the
day? It could be possible that your machine has been compromised and
is being used as a launching pad for further attacks or scans
(zombie). Or a malware could have infected your PC which tries to scan
other vulnerable systems in your network. There are a lot of
possibilities here. You should consult your corporate legal officer as
to which step to take. You may have to take the machine offline and
have the HDD go through forensics analysis.

Look for rogue services or malicious processes and auto-starting apps.
Use Sysinternals' autoruns or msconfig to sift through all the
autostart entries. Run a full scan of the system to check for
potential malware infection. Check for listening ports (do not use
netstat, rather use fport or tcpview) and the processes attached to
these ports; a hacker or a malware could be using this to "call-home."

Regards,

Salvador Manaois III
MCITP | Server/Enterprise Administrator
C|EH CIWA MCSE MCSA MCTS
Bytes & Badz: http://badzmanaois.blogspot.com


On Thu, Nov 20, 2008 at 7:54 AM, Donald Raikes <DON.RAIKES () oracle com> wrote:
> Hello,
> Recently, our corporate security team identified that my windows xp pc was performing a number of http scans of other 
> systems within our network.
>
> I am not running any kind of scans, nor have I authorized anything to run such scans.
>
> How can I determine what is performing these scans?