On Thursday 12 June 2003 23:49, Cliff Wells wrote:
> On Fri, 2003-06-06 at 07:07, Jonathan Bartlett wrote:
> > I'm sure most of you know this, but there's a simple way to detect
> > bugbear infections on your network using Linux, since it opens up
> > port 1080:
> >
> > nmap -sT -p 1080 network/netmask
> >
> > For my internal network I use
> >
> > nmap -sT -p 1080 192.168.2.0/24
>
> How can you differentiate between bugbear and a socks proxy using
> this technique?

Using nmap alone? I don't think that would be very informative. Using an IDS like snort looking for signatures, telnetting into port 1080 (knowing the protocols you're looking for), and/or tcpdump/ethereal capturing the network data would all be more efficient at determining what's up.

Bear in mind that there are other trojans that can use port 1080 as well.

Regards, Mike Klinke

--
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list
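
Added example, not part of the original thread: one way to script the "telnetting into port 1080 (knowing the protocols you're looking for)" check from the reply, for SOCKS5, by sending the RFC 1928 greeting and classifying what comes back. The function names and the reply categories are assumptions made for this example; a valid reply only shows that the listener speaks SOCKS, and anything else is left for the snort or tcpdump follow-up the reply mentions.

```python
import socket

# RFC 1928 client greeting: VER=5, NMETHODS=1, METHOD=0x00 (no authentication).
# It only negotiates a method; it does not ask the proxy to connect anywhere.
SOCKS5_GREETING = b"\x05\x01\x00"
SOCKS5_METHODS = {0x00: "no authentication", 0x01: "GSSAPI",
                  0x02: "username/password", 0xFF: "no acceptable method"}


def classify_reply(data: bytes) -> str:
    """Classify what a port-1080 listener sent back after the SOCKS5 greeting."""
    if not data:
        return "no reply: not behaving like SOCKS5, inspect further"
    # A SOCKS5 server answers with exactly two bytes: VER=5, chosen METHOD.
    if len(data) == 2 and data[0] == 0x05:
        method = SOCKS5_METHODS.get(data[1], "method 0x%02x" % data[1])
        return "SOCKS5 proxy (%s)" % method
    # SOCKS4 replies are 8 bytes: VN=0, CD in 90..93.
    if len(data) == 8 and data[0] == 0x00 and 90 <= data[1] <= 93:
        return "SOCKS4-style reply (code %d)" % data[1]
    return "unrecognised reply %r: inspect further" % data[:16]


def probe(host: str, port: int = 1080, timeout: float = 3.0) -> str:
    """Connect to host:port, send the greeting, classify the first reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(SOCKS5_GREETING)
            try:
                data = s.recv(64)
            except socket.timeout:
                data = b""  # listener accepted the connection but stayed silent
    except OSError as exc:
        return "connection error: %s" % exc
    return classify_reply(data)


if __name__ == "__main__":
    import sys
    # Usage: pass the hosts that nmap reported with 1080/tcp open.
    for host in sys.argv[1:]:
        print(host, "->", probe(host))
```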