MannTech Computers, Inc

Manntech Computers was started in 2005 with the vision of creating and investigating information security. Since that date we have strived to gain expert knowledge and use that to create processes, procedures and applications that meet that need.
 
Nov 7 - Dec 11 2009 - notes from the trenches
My day-to-day diary using SOI.
Been a busy couple of weeks. Working on building a UCM system...which eventually will also do SOI. (imagine SOI but for phones...neat)
OK, what got me today... well, I thought I had an internal compromised system. An internal machine started scanning, using the same source port for multiple connections. Here is a screenshot of what we saw.

So I saw my little red dot (which indicates heavy usage) amongst all the p2p junk that was occurring. This seemed out of place. Turns out that it was on port 38293... This is used by Symantec servers for discovery... and we just put this in. Mystery solved.


However, now to turn my attention to the p2p traffic and "talk" to the offending user.
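
The triage in this entry, written out as an added example (not code from the original post, and not how SOI works internally): flag any internal host that reuses one source port toward many destinations, then annotate the finding when a port involved is one the site has already explained. The flow records, the `min_targets` threshold, the function name and the service label are assumptions made for illustration; only port 38293 comes from the post.

```python
from collections import defaultdict

# Constructed sample flows (src_ip, src_port, dst_ip, dst_port); not real captures.
SAMPLE_FLOWS = (
    # One host, one fixed source port, many internal targets on the port from the post.
    [("10.0.0.15", 38293, f"10.0.0.{n}", 38293) for n in range(100, 106)]
    # Same pattern on a port nobody has accounted for.
    + [("10.0.0.77", 40000, f"10.0.1.{n}", 80) for n in range(1, 7)]
    # p2p-like client: many peers, but a fresh ephemeral source port each time.
    + [("10.0.0.30", 50000 + n, f"192.0.2.{n}", 6881) for n in range(1, 9)]
)

# Ports with a known benign explanation on this network (label is this example's wording).
KNOWN_PORTS = {38293: "Symantec server discovery"}


def fixed_source_port_fanout(flows, min_targets=5, known_ports=KNOWN_PORTS):
    """Return hosts that contacted >= min_targets destinations from one source port."""
    targets = defaultdict(set)     # (src, sport) -> destination IPs
    dst_ports = defaultdict(set)   # (src, sport) -> destination ports seen
    for src, sport, dst, dport in flows:
        targets[(src, sport)].add(dst)
        dst_ports[(src, sport)].add(dport)

    findings = []
    for (src, sport), dsts in sorted(targets.items()):
        if len(dsts) < min_targets:
            continue
        # The post does not say whether 38293 was the source or destination
        # port, so check both sides against the known-port table.
        involved = {sport} | dst_ports[(src, sport)]
        reason = next((known_ports[p] for p in sorted(involved) if p in known_ports), None)
        findings.append({
            "src": src,
            "src_port": sport,
            "targets": len(dsts),
            "explained_by": reason,   # None means it still needs a human look
        })
    return findings


if __name__ == "__main__":
    for f in fixed_source_port_fanout(SAMPLE_FLOWS):
        status = f["explained_by"] or "UNEXPLAINED - investigate"
        print(f'{f["src"]}:{f["src_port"]} -> {f["targets"]} hosts ({status})')
```

An "explained" result is a prompt to confirm the host really is the newly installed server, not a reason to drop the alert.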