Sluggers,
Does anyone know if there's a way/tool to use Linux to snoop the network
and detect which box is the source of infection?
I just built a WinXP box and put it on our local LAN and before I could
even install some virus software it got the sasser.wormb virus (which I
detected with stinger). I've stingered every box under my control in the
local class C and found none infected, but perhaps this virus is coming
from elsewhere on the "corporate network".
Is there any way I can use tcpdump/linux tools to detect where the port
scanning is coming from? The Linux box is on the same hub (yes, hub, not
switch) as the "honey pot".
TIA's
Pete.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html