On Mon, Jul 16, 2012 at 10:35 AM, Giles Coochey <[email protected]> wrote:
> On 16/07/2012 14:48, Gary Baribault wrote:
>
> I suggest one of the first answers was the good one, intercept the traffic
> routed to the internet with TCPDump. Filter out the normal traffic and see
> what's left. All compromised systems talk to the Internet to dump data or
> route spam. Be patient, some systems talk all the time, some once an hour ..
> but you will find some unexplained traffic. Once you do find that you're
> infected, don't bother cleaning up the system, format and restore the data!
>

You have much more to worry about than ICMP/GRE tunnels. If I send to broadcast and I am on your network, how do you plan to pinpoint who I am when everyone sees the broadcast?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
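
The triage described in the quoted message (drop the traffic you can explain, then look at what recurs), as an added example that is not part of the original thread. The flow records, allowlist, broadcast addresses and function names are constructed assumptions; the last function lists sources sending to broadcast, the case the reply raises.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records "epoch_seconds src dst service"; not real capture data.
SAMPLE = """\
0 10.0.0.5 198.51.100.10 tcp/443
100 10.0.0.7 203.0.113.66 tcp/8443
900 10.0.0.5 198.51.100.10 tcp/443
3700 10.0.0.7 203.0.113.66 tcp/8443
5000 10.0.0.9 10.0.0.255 udp/9999
7300 10.0.0.7 203.0.113.66 tcp/8443
8000 10.0.0.6 192.0.2.77 tcp/80
10900 10.0.0.7 203.0.113.66 tcp/8443
"""

# Assumed allowlist of (destination, service) pairs the site can already explain.
KNOWN_GOOD = {("198.51.100.10", "tcp/443")}

def parse(text):
    """Turn each record into (timestamp, src, dst, service)."""
    return [(int(t), s, d, v) for t, s, d, v in (l.split() for l in text.splitlines())]

def unexplained(flows, known_good=KNOWN_GOOD):
    """Drop flows to allowlisted services; what remains needs an explanation."""
    return [f for f in flows if (f[2], f[3]) not in known_good]

def periodic(flows, min_events=4, max_cv=0.1):
    """Map (src, dst, service) -> mean gap for flows recurring at a steady interval."""
    times = defaultdict(list)
    for ts, src, dst, svc in flows:
        times[(src, dst, svc)].append(ts)
    found = {}
    for key, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # A low coefficient of variation means near-constant spacing (e.g. hourly).
        if len(stamps) >= min_events and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            found[key] = mean(gaps)
    return found

def broadcast_senders(flows, broadcast_addrs=("10.0.0.255", "255.255.255.255")):
    """Sources sending to broadcast; the destination field names no single receiver."""
    return sorted({src for _, src, dst, _ in flows if dst in broadcast_addrs})

if __name__ == "__main__":
    left = unexplained(parse(SAMPLE))
    print("periodic:", periodic(left))
    print("broadcast senders:", broadcast_senders(left))
```

The one-hour spacing only shows up once the capture spans several intervals, which is why the quoted advice says to be patient.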
