port scans

Steven Jones Steven.Jones at vuw.ac.nz
Wed Oct 20 19:49:01 CDT 2004

Installing iptraf off a rh9 cd might tell you something, if you get a connection to lots of ports on one IP, then repeated...might be easier to use for a newbie than tcpdump.

If it is scanning, you have been cracked; re-install.



-----Original Message-----
From: Bartosz Ilkowski [mailto:ilkowski at bioinformatics.buffalo.edu]
Sent: Thursday, 21 October 2004 1:23 p.m.
To: Lisa Preston
Cc: linux-poweredge at dell.com
Subject: Re: port scans


 Simplest: use tcpdump on the appropriate interface, then lsof to find 
the suspected program (if traffic originates on the host), check 
firewalling rules. If the machine was trojaned, all that may be meaningless.
 More troublesome approach (legal issues aside): use port mirroring on 
the switch port this machine is connected to and use a network analyzer on 
it. Or use an inline analyzer between the machine and switch/hub.


Lisa Preston wrote:

>I think my rh 2.1 box is doing port scans.   How can I tell by looking at
>the system?

Linux-PowerEdge mailing list
Linux-PowerEdge at dell.com
Please read the FAQ at http://lists.us.dell.com/faq
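
The pattern the replies describe (one host opening connections to many ports on a single IP) can be checked mechanically from tcpdump text output. The script below is an added example, not part of the original thread; it assumes the line format printed by current `tcpdump -nn` for IPv4 TCP, and the function names, threshold and documentation-range addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed format: "... IP src.sport > dst.dport: Flags [S], ..." (tcpdump -nn).
PKT = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                 r"(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]")

def find_scans(lines, local_ip, min_ports=10):
    """Return {dst_ip: (ports_tried, ports_answered)} for every host that
    local_ip sent bare SYNs to on at least min_ports distinct ports."""
    tried = defaultdict(set)      # dst -> ports local_ip sent a SYN to
    answered = defaultdict(set)   # dst -> ports that replied with SYN-ACK
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue              # not an IPv4 TCP line, ignore
        src, sport, dst, dport, flags = m.groups()
        if src == local_ip and flags == "S":
            tried[dst].add(int(dport))
        elif dst == local_ip and flags == "S.":
            answered[src].add(int(sport))
    return {dst: (len(ports), len(ports & answered[dst]))
            for dst, ports in tried.items() if len(ports) >= min_ports}

LOCAL = "192.0.2.10"  # constructed address of the suspect machine

def sample_capture():
    """Constructed capture: a 20-port sweep of one host plus normal web traffic."""
    out = []
    for i, port in enumerate(range(20, 40)):
        reply = "S." if port in (22, 25) else "R."   # only two ports are open
        out.append(f"19:40:01.{i:06d} IP {LOCAL}.{40000 + i} > "
                   f"198.51.100.7.{port}: Flags [S], seq 1, win 5840, length 0")
        out.append(f"19:40:01.{i:06d} IP 198.51.100.7.{port} > "
                   f"{LOCAL}.{40000 + i}: Flags [{reply}], seq 0, ack 2, length 0")
    for i in range(5):                               # repeated hits on one port
        out.append(f"19:41:00.{i:06d} IP {LOCAL}.{41000 + i} > "
                   f"203.0.113.5.80: Flags [S], seq 1, win 5840, length 0")
        out.append(f"19:41:00.{i:06d} IP 203.0.113.5.80 > "
                   f"{LOCAL}.{41000 + i}: Flags [S.], seq 0, ack 2, length 0")
    return out

if __name__ == "__main__":
    for dst, (n, ok) in find_scans(sample_capture(), LOCAL).items():
        print(f"{LOCAL} -> {dst}: SYNs to {n} distinct ports, {ok} answered")
```

Many distinct destination ports with few answered is the signature to look for; a busy client talking to one service shows up as a single port and stays below the threshold.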
