Is anyone aware of any network-based signatures that could be used to identify and tag IP traffic, for dropping at the ingress/egress points?
On Tue, Mar 31, 2009 at 9:41 AM, JoeSox <joe...@gmail.com> wrote: > I am uncertain also. I scan a subnet on my network with Axence > NetTools looking for 445 port and I receive some hits. I perform a > netstat -a some of those results but don't really see any 445 > activity. The SCS script doesn't find anything either. The PCs are > patched and virusscan updated. One PC when I connected to it did not > navigate to Windowsupdate website. I scheduled a Full McAfee scan as > their documentation suggests > ( > http://download.nai.com/products/mcafee-avert/documents/combating_w32_conficker_worm.pdf > ), > and sometime through the scan I was able to reach windowsupdate. I > don't know if it was a coincidence or not that I was not able to reach > the website. I haven't looked into the registry and any other places > for evidence of conficker. I will probably today but I am afraid it > maybe a waste of time since they are already patched and updated. > -- > Joe > > > > On Tue, Mar 31, 2009 at 5:48 AM, Eric Tykwinski <eric-l...@truenet.com> > wrote: > > Joe, > > > > Here's the link for the Python Crypto toolkit: > > http://www.amk.ca/python/code/crypto.html > > > > I scanned our internal network and didn't find anything, so I can't > really > > vouch for it's reliablity though. > > -- To him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy
