Re: [Full-disclosure] IDS logs showing outgoing packets on port 80
Skype? - Original Message - From: Kelly Robinson [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Saturday, November 03, 2007 3:20 PM Subject: [Full-disclosure] IDS logs showing outgoing packets on port 80 In our IDS logs, I notice many outgoing packets coming from port 80 (HTTP). These packets are coming from client PCs. What may be happening? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] IDS logs showing outgoing packets on port 80
In our IDS logs, I notice many outgoing packets coming from port 80 (HTTP). These packets are coming from client PCs. What may be happening? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] IDS logs showing outgoing packets on port 80
On 11/3/07, Kelly Robinson [EMAIL PROTECTED] wrote: In our IDS logs, I notice many outgoing packets coming from port 80 (HTTP). These packets are coming from client PCs. What may be happening? If they are replies to an incoming packet, then they are running a web server. If they are not replies to an incoming packet, they are most likely infected and trying to evade IDS detection by using a standard port (80) for CC -JP ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/