APC PowerChute uses these ports. It is an UPS-monitoring program that is
typically installed on servers.
On a similar note, TrendMicro's Office scan listens on port 12345. So does
the NetBus trojan.
Hope this helps,
Glenn
-Original Message-
From: Nelson, Ernie [mailto:[EMAIL PROTECTED
I have heard from more than a couple sources that there are some burglars
that use out-of-office replies to target homes, by matching email addresses
to street addresses in online directories.
Glenn
-Original Message-
From: Rodel Calvario [mailto:[EMAIL PROTECTED]]
Sent: Thursday, Janua
Try Getmac.exe from Microsoft for your Windows-based computers.
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/getmac-o
.asp
For non-Windows devices, the somewhat shady Cain and Abel will work.
http://www.oxid.it/
Glenn
-Original Message-
From: Johan Denoyer [mai
Note that you can sometimes have tcp/53 connections for queries. For
instance, on Windows nslookup, if you do "ls domain.name" you can see the
tcp/53 connection in netstat.
Glenn
>From the comp.protocols.tcp-ip.domains Frequently Asked Questions (FAQ):
--
Good point. This leads me to a thought...
A better scheme than rewriting N times with equally-dispersed random data
(1010, then 0101, then 0110, etc.) would be to overwrite with "junk" but
pattern-filled data (i.e., data representative of a text file, mp3 file,
etc.). Otherwise what you get is "
Yum!
PCAnywhere65301/tcp
Glenn
-Original Message-
From: Rolf Jürrens [mailto:security@;rolf-juerrens.de]
Sent: Tuesday, October 29, 2002 12:39 AM
To: [EMAIL PROTECTED]
Subject: Slow scan on high-ports?
Hi everyone,
in our firewall-logs I see a slow scan over our whole netwo
I've gotten two (blocked) viruses this morning already:
One from Singapore: type "application/x-msdownload", filename "89012 Amex CQ
DL360 117934-N 310702.xls.pif")
One from New Zealand: type "audio/x-midi", filename "index.html.exe"
Also, another weird spam email with some javascript(?) in it
Check out the articles on SANS regarding egress filtering. Basically, you
want to make sure you are one step ahead of attackers using spoofed IP
addresses.
Google search for:
site:sans.org "egress filtering"
This one has a couple walkthrough scenarios for ipchains, Firewall-1, and
Cisco r
,234,567,890 bytes free
c:\>
-Original Message-
From: Mario Camara [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 24, 2002 10:35 AM
To: 'Wolf, Glenn'; [EMAIL PROTECTED]
Subject: RE: how to tell when a file was last read
Importance: High
Under Windows 98 you should use:
Sounds like a policy issue. If users are doing this so they can get their
email "on the road" or from home, it would probably be worthwhile to set up
a web-mail interface instead. Email IS inherently unsecure (think
post-office personnel reading your postcards). What needs to be weighed is
whet
Legion 2.1 will do #1 for you:
http://www.nmrc.org/files/snt/legion.zip
Glenn
-Original Message-
From: Harish Gondavale [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 6:39 PM
To: [EMAIL PROTECTED]
Subject: How to find open shares on the n/w
Hi,
I am very satisfied with th
Hi, my first post to this group...
Don't use "1337" replacement. L0phtcrack and other password crackers
already check for this. I would recommend something similar to the
following Java applet which generates 10 pronounceable (but
non-dictionary-word) passwords:
http://www.multicians.org/thvv/
12 matches
Mail list logo