Security Basics mailing list archives

Re: pc generating unauthorized http scans


From: "J. Oquendo" <sil () infiltrated net>
Date: Thu, 20 Nov 2008 10:13:39 -0600

On Wed, 19 Nov 2008, Donald Raikes wrote:

> Hello,
> Recently, our corporate security team identified that my Windows XP PC was performing a number of http scans of other systems within our network.
>
> I am not running any kind of scans, nor have I authorized anything to run such scans.
>
> How can I determine what is performing these scans?

On Windows, you could use tcpview from sysinternals:
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx



If it's a nix variant then you could use lsof, netstat, e.g.:

lsof -i -P -l
netstat -ln|awk '/tcp|udp/'

You could run an analyzer on the wire (Wireshark, Sniffer Pro, etc).

Depends... Your best bet to find which program is doing the
scanning in the quickest, cleanest way though on XP in my
opinion would be with tcpview.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Each player must accept the cards life deals him
or her: but once they are in hand, he or she alone
must decide how to play the cards in order to win
the game." Voltaire

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
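
Added example, not part of the original post: one way to turn the lsof output suggested above into a per-process answer, by counting how many distinct remote hosts each process has open TCP connections to on port 80. The function name, the threshold and the sample rows (including the process name "helperd") are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Intended use on a live host:  lsof -i -P -n -l | http_fanout 5

# Read lsof output on stdin; print "PID COMMAND HOSTS" for every process
# with outbound TCP connections to port 80 on at least $1 distinct hosts.
http_fanout() {
    awk -v min="${1:-5}" '
        # Keep TCP rows whose NAME column is a "local->remote" pair.
        $8 == "TCP" && $9 ~ /->/ {
            split($9, pair, "->")
            remote = pair[2]
            n = split(remote, parts, ":")
            port = parts[n]
            # Remote port must be 80; this skips clients of a local web server.
            if (port != "80") next
            host = substr(remote, 1, length(remote) - length(port) - 1)
            key = $2 " " $1
            if (!((key, host) in seen)) { seen[key, host] = 1; hosts[key]++ }
        }
        END {
            for (k in hosts) if (hosts[k] >= min) print k, hosts[k]
        }
    ' | sort -k3,3nr
}

# Constructed sample in the column layout of `lsof -i -P -n -l`.
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
firefox 2211 1000 45u IPv4 31001 0t0 TCP 10.0.0.5:51234->10.0.0.17:80 (ESTABLISHED)
firefox 2211 1000 46u IPv4 31002 0t0 TCP 10.0.0.5:51235->10.0.0.17:80 (ESTABLISHED)
helperd 1844 1000 7u IPv4 31010 0t0 TCP 10.0.0.5:51300->10.0.0.21:80 (SYN_SENT)
helperd 1844 1000 8u IPv4 31011 0t0 TCP 10.0.0.5:51301->10.0.0.22:80 (SYN_SENT)
helperd 1844 1000 9u IPv4 31012 0t0 TCP 10.0.0.5:51302->10.0.0.23:80 (SYN_SENT)
helperd 1844 1000 10u IPv4 31013 0t0 TCP 10.0.0.5:51303->10.0.0.24:80 (ESTABLISHED)
sshd 900 0 3u IPv4 20001 0t0 TCP *:22 (LISTEN)
httpd 950 0 4u IPv4 20002 0t0 TCP 10.0.0.5:80->10.0.0.9:40000 (ESTABLISHED)
EOF
}
```

lsof only shows sockets that exist at the moment it runs, and scan connections are short-lived, so the pipeline is worth repeating several times while the scanning is being reported.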

