PC Scanning report in NFA! (suggests )
I don't know if it's a stupid question but why don't you add to NFA some report of pcs scanning the network, I mean infested pcs who are scanning the network and report also the port they are using.. something like this:
--- this is a part of a report from floow-tools using netflow of a pc infested with blaster I think ---
----------------------------------------
Top inbound hosts by hosts counted
----------------------------------------
Scanner: 172.19.236.236 (172.19.236.236) 64571 hosts touched
2005/12/11 08:30:16 ->2005/12/11 15:41:45
FLOWS: 64724 ( 0.82%)
PKTS: 65032 ( 0.08%)
BYTES: 3322081 ( 0.01%)
All Destination Ports:
PROTO/PORT FLOWS PKTS BYTES
(135)/tcp 64568 64585 3100080
(5060)/tcp 63 189 111750
(3956)/tcp 48 172 77291
All Source Ports:
PROTO/PORT FLOWS PKTS BYTES
(16596)/tcp 87 252 107134
(1133)/tcp 63 189 111750
(3921)/tcp 17 17 816
regards;
Israel
:o
--- this is a part of a report from floow-tools using netflow of a pc infested with blaster I think ---
----------------------------------------
Top inbound hosts by hosts counted
----------------------------------------
Scanner: 172.19.236.236 (172.19.236.236) 64571 hosts touched
2005/12/11 08:30:16 ->2005/12/11 15:41:45
FLOWS: 64724 ( 0.82%)
PKTS: 65032 ( 0.08%)
BYTES: 3322081 ( 0.01%)
All Destination Ports:
PROTO/PORT FLOWS PKTS BYTES
(135)/tcp 64568 64585 3100080
(5060)/tcp 63 189 111750
(3956)/tcp 48 172 77291
All Source Ports:
PROTO/PORT FLOWS PKTS BYTES
(16596)/tcp 87 252 107134
(1133)/tcp 63 189 111750
(3921)/tcp 17 17 816
regards;
Israel
:o Topic Participants
iga3725