Pantek Library

Traffic with 55808 tcp windows size: news.

From: Fabio Panigatti <ml-panigatti(at)minerprint.it>
Date: Thu Jun 26 2003 - 10:13:37 EDT


I went through a lot of tests in the past weeks in order to track down the suspected hidden trojan or backdoor on my host targeted by this kind of traffic. One of those tests was to permit outgoing traffic for some "suspect" applications by means of a SOCKS proxy (forwarding is not enabled from this host to the rest of the world). Since Jun 20 the suspect incoming traffic has changed target: the new target is now the proxy IP address. No more 55808 packets have been destined to the old address until now.

I'll try to provide more information in the coming days.

Fabio



Received on Thu Jun 26 18:34:42 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:09 EDT

