On 11/3/07, Kelly Robinson <[EMAIL PROTECTED]> wrote:
>
> In our IDS logs, I notice many outgoing packets coming from port 80 (HTTP).
> These packets are coming from client PCs. What may be happening?

If they are replies to an incoming packet, then they are running a web server. If they are not replies to an incoming packet, they are most likely infected and trying to evade IDS detection by using a standard port (80) for C&C.

-JP
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
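The distinction drawn in the reply above (source-port-80 packets that answer an incoming packet versus ones that do not) can be checked against the IDS packet log. The following is an added example, not part of the original thread; the record layout, the `INTERNAL` range, the 60-second window and all sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: client PCs live in this range; adjust to the monitored network.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample records: (time, src_ip, src_port, dst_ip, dst_port)
SAMPLE = [
    (1.00, "198.51.100.7", 40112, "10.1.2.30", 80),   # inbound request
    (1.01, "10.1.2.30", 80, "198.51.100.7", 40112),   # answer from port 80
    (1.05, "198.51.100.7", 40112, "10.1.2.30", 80),
    (1.06, "10.1.2.30", 80, "198.51.100.7", 40112),
    (2.00, "10.1.2.44", 80, "203.0.113.9", 443),      # nothing inbound first
    (2.50, "10.1.2.44", 80, "203.0.113.9", 443),
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def classify_port80_sources(records, window=60.0):
    """Label each packet sent by an internal host from source port 80 as a
    'reply' (the same peer ip:port sent a packet to host:80 within `window`
    seconds beforehand) or 'unsolicited' (no such inbound packet was logged)."""
    last_inbound = {}  # (host, peer_ip, peer_port) -> time of last packet to host:80
    results = []
    for ts, src, sport, dst, dport in sorted(records):
        if is_internal(src) and sport == 80:
            seen = last_inbound.get((src, dst, dport))
            replied = seen is not None and ts - seen <= window
            results.append((ts, src, dst, dport, "reply" if replied else "unsolicited"))
        if is_internal(dst) and dport == 80:
            last_inbound[(dst, src, sport)] = ts
    return results

def summarize(results):
    """Count labels per internal host so the odd ones stand out."""
    summary = {}
    for _, host, _, _, label in results:
        counts = summary.setdefault(host, {"reply": 0, "unsolicited": 0})
        counts[label] += 1
    return summary

if __name__ == "__main__":
    for host, counts in summarize(classify_port80_sources(SAMPLE)).items():
        print(host, counts)
```

An "unsolicited" label only means the log holds no matching inbound packet, so a sensor that sees one direction of the traffic will label everything that way.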
