Steven.Jones at vuw.ac.nz
Wed Oct 20 19:49:01 CDT 2004
Installing iptraf off a rh9 cd might tell you something: if you get a connection to lots of ports on one IP, then repeated... It might be easier to use for a newbie than tcpdump.
If it is scanning, you have been cracked; re-install.
From: Bartosz Ilkowski [mailto:ilkowski at bioinformatics.buffalo.edu]
Sent: Thursday, 21 October 2004 1:23 p.m.
To: Lisa Preston
Cc: linux-poweredge at dell.com
Subject: Re: port scans
Simplest: use tcpdump on the appropriate interface, then lsof to find
the suspected program (if traffic originates on the host), check
firewalling rules. If the machine was trojaned all that may be meaningless.
More troublesome approach (legal issues aside): use port mirroring on
the switch port this machine is connected to and use a network analyzer on
it. Or use an inline analyzer between the machine and switch/hub.
Lisa Preston wrote:
>I think my rh 2.1 box is doing port scans. How can I tell by looking at
Linux-PowerEdge mailing list
Linux-PowerEdge at dell.com
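
The pattern described in the thread (one host opening connections to many ports on a single IP) can be checked over saved tcpdump output. The following is an added example, not part of any message in this thread; it assumes IPv4 TCP lines in the format printed by `tcpdump -n`, and the addresses, the threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches IPv4 TCP lines as printed by `tcpdump -n`, for example:
# 19:49:01.000001 IP 192.0.2.10.40001 > 198.51.100.7.22: Flags [S], seq 1, ...
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]*)\]"
)

def find_scan_targets(lines, local_ip, min_ports=10):
    """Return {dst_ip: sorted ports} for every destination to which local_ip
    sent initial SYNs on at least min_ports distinct ports."""
    ports = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 TCP line (ARP, UDP, truncated output)
        src, _sport, dst, dport, flags = m.groups()
        # "S" alone is an initial SYN; "S." is a SYN-ACK reply and is skipped,
        # as is anything not sent by the host under suspicion.
        if src == local_ip and flags == "S":
            ports[dst].add(int(dport))
    return {d: sorted(p) for d, p in ports.items() if len(p) >= min_ports}

def sample_capture():
    """Constructed sample lines, not taken from a real capture."""
    tail = "seq 1, win 5840, length 0"
    lines = [
        # Scan-like: one SYN each to ports 20..39 on a single destination.
        f"19:49:01.{i:06d} IP 192.0.2.10.{40000 + i} > 198.51.100.7.{port}: "
        f"Flags [S], {tail}"
        for i, port in enumerate(range(20, 40))
    ]
    # Ordinary client traffic: repeated connections to one port only.
    for i in range(3):
        lines.append(f"19:49:02.{i:06d} IP 192.0.2.10.{41000 + i} > "
                     f"203.0.113.5.80: Flags [S], {tail}")
    # A SYN-ACK coming back, and an inbound SYN from another host.
    lines.append(f"19:49:02.000100 IP 203.0.113.5.80 > 192.0.2.10.41000: "
                 f"Flags [S.], {tail}")
    lines.append(f"19:49:03.000000 IP 203.0.113.9.50000 > 192.0.2.10.22: "
                 f"Flags [S], {tail}")
    return lines

if __name__ == "__main__":
    for dst, plist in find_scan_targets(sample_capture(), "192.0.2.10").items():
        print(f"{dst}: SYNs to {len(plist)} distinct ports {plist[0]}-{plist[-1]}")
```

As the thread notes, output gathered on a host that has been trojaned may not be trustworthy, so a capture taken from a mirrored switch port is the safer input.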