Security Basics mailing list archives
Re: pc generating unauthorized http scans
From: "J. Oquendo" <sil () infiltrated net>
Date: Thu, 20 Nov 2008 10:13:39 -0600
On Wed, 19 Nov 2008, Donald Raikes wrote:
Hello, Recently, our corporate security team identified that my windows xp pc was performing a number of http scans of other systems within our network. I am not running any kind of scans, nor have I authorized anything to run such scans. How can I determine what is performing these scans?
On Windows, you could use tcpview from sysinternals: http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx If its a nix variant then you could use lsof, netstat: e.g. lsof -iPl netstat -ln|awk '/tcp|udp/' You could run an analyzer on the wire (Wireshark, Sniffer Pro, etc). Depends... Your best bet to find which program is doing the scanning in the quickest, cleanest way though on XP in my opinion would be with tcpview. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP "Each player must accept the cards life deals him or her: but once they are in hand, he or she alone must decide how to play the cards in order to win the game." Voltaire 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
Current thread:
- pc generating unauthorized http scans Donald Raikes (Nov 20)
- RE: pc generating unauthorized http scans Julio Crespo (Nov 20)
- Re: pc generating unauthorized http scans Salvador III Manaois (Nov 20)
- Re: pc generating unauthorized http scans Shreyas Zare (Nov 20)
- Re: pc generating unauthorized http scans J. Oquendo (Nov 20)
- <Possible follow-ups>
- RE: pc generating unauthorized http scans Donald Raikes (Nov 20)
- Re: pc generating unauthorized http scans infolookup (Nov 20)
- Re: pc generating unauthorized http scans krymson (Nov 25)