Security Basics mailing list archives

Re: pc generating unauthorized http scans

From: krymson () gmail com
Date: Tue, 25 Nov 2008 07:30:16 -0700

Isn't that a question for the security team that identified your computer? I find it irresponsible to point out a 
security threat and then leave the user to figure out what is going on, especially if this is a system they own and 
even more especially if you're not an admin on it.

You should ask that security team what they detected and how they detected it. Is it bursting at certain times of day, 
or is it very regular? Where is it going? What is that traffic trying to do, just find open port 80 connections?

I would otherwise look at the other suggestions. Check output from Wireshark and TCPView and see what you can find out. 
But I'm ultimately disappointed in that security team...

<- snip ->
Hello,
Recently, our corporate security team identified that my windows xp pc was performing a number of http scans of other 
systems within our network.

I am not running any kind of scans, nor have I authorized anything to run such scans.

How can I determine what is performing these scans?

Current thread:

pc generating unauthorized http scans Donald Raikes (Nov 20)
- RE: pc generating unauthorized http scans Julio Crespo (Nov 20)
- Re: pc generating unauthorized http scans Salvador III Manaois (Nov 20)
- Re: pc generating unauthorized http scans Shreyas Zare (Nov 20)
- Re: pc generating unauthorized http scans J. Oquendo (Nov 20)
- <Possible follow-ups>
- RE: pc generating unauthorized http scans Donald Raikes (Nov 20)
- Re: pc generating unauthorized http scans infolookup (Nov 20)
- Re: pc generating unauthorized http scans krymson (Nov 25)