PC Scanning report in NFA! (suggests )
I don't know if it's a stupid question but why don't you add to NFA some report of pcs scanning the network, I mean infested pcs who are scanning the network and report also the port they are using.. something like this:
--- this is a part of a report from floow-tools using netflow of a pc infested with blaster I think ---
----------------------------------------
Top inbound hosts by hosts counted
----------------------------------------
Scanner: 172.19.236.236 (172.19.236.236) 64571 hosts touched
2005/12/11 08:30:16 ->2005/12/11 15:41:45
FLOWS: 64724 ( 0.82%)
PKTS: 65032 ( 0.08%)
BYTES: 3322081 ( 0.01%)
All Destination Ports:
PROTO/PORT FLOWS PKTS BYTES
(135)/tcp 64568 64585 3100080
(5060)/tcp 63 189 111750
(3956)/tcp 48 172 77291
All Source Ports:
PROTO/PORT FLOWS PKTS BYTES
(16596)/tcp 87 252 107134
(1133)/tcp 63 189 111750
(3921)/tcp 17 17 816
regards;
Israel
:o
--- this is a part of a report from floow-tools using netflow of a pc infested with blaster I think ---
----------------------------------------
Top inbound hosts by hosts counted
----------------------------------------
Scanner: 172.19.236.236 (172.19.236.236) 64571 hosts touched
2005/12/11 08:30:16 ->2005/12/11 15:41:45
FLOWS: 64724 ( 0.82%)
PKTS: 65032 ( 0.08%)
BYTES: 3322081 ( 0.01%)
All Destination Ports:
PROTO/PORT FLOWS PKTS BYTES
(135)/tcp 64568 64585 3100080
(5060)/tcp 63 189 111750
(3956)/tcp 48 172 77291
All Source Ports:
PROTO/PORT FLOWS PKTS BYTES
(16596)/tcp 87 252 107134
(1133)/tcp 63 189 111750
(3921)/tcp 17 17 816
regards;
Israel
:o Topic Participants
iga3725
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?