Hi Amos...
[cut]
> .. or in this case, it appears, some security penetration
> testing software. Somehow installed on a user's PC.
>
> > Here you can find trace: http://www.sendspace.com/file/ij5qpe
> >
>
> Sorry, that seems to be a summary packet log. Just confirms
Sorry, I just took over your previously suggested command (tcpdump
-s0)...
> that the PC and Squid are chattering away. I need it to be a
> full binary packet dump. The binary bit is saved with -w to a file.
> So "tcpdump -s0 -w infected-dump.cap" should grab the bit I
> need to look at.
> If it's already cleaned up that's fine. This is just for my
> interest to confirm details.
Well, "cleaned" in terms of "I removed McAfee Suite", yes! :-)
[cut]
> Could be "McAfee Network Security Agent" doing a network-wide
> scan/check?
Well, maybe! But that's weird behaviour... why should my "protection
suite" scan my whole subnet on port 80?
Kind regards,
Flavio Boniforti
PIRAMIDE INFORMATICA SAGL
Via Ballerini 21
6600 Locarno
Switzerland
Phone: +41 91 751 68 81
Fax: +41 91 751 69 14
URL: http://www.piramide.ch
E-mail: flavio_at_piramide.ch
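The full binary dump Amos asks for (tcpdump -s0 -w) is what lets a defender confirm a subnet-wide port 80 sweep like the one Flavio describes. As an added example that is not from this thread or from Squid, the Python below reads a libpcap file and flags any host sending bare SYNs to port 80 at many distinct addresses; the capture is constructed inline in place of infected-dump.cap, and the addresses, the sample traffic and the 16-target threshold are assumptions.

```python
import struct
from collections import defaultdict
LINKTYPE_ETHERNET = 1  # what tcpdump -w records on an Ethernet interface

def build_syn(src_ip, dst_ip, dport):
    """Assemble a constructed Ethernet/IPv4/TCP SYN frame (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     *(bytes(map(int, a.split("."))) for a in (src_ip, dst_ip)))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Wrap frames in a little-endian libpcap file, the layout tcpdump -s0 -w writes."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1305894000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)

def sample_capture():
    """Constructed sample: 192.0.2.10 sweeps the /24 on port 80; 192.0.2.20 is a normal client."""
    frames = [build_syn("192.0.2.10", "192.0.2.%d" % h, 80) for h in range(1, 255)]
    frames += [build_syn("192.0.2.20", "192.0.2.5", 3128)] * 3   # proxy traffic, not port 80
    frames += [build_syn("192.0.2.20", "198.51.100.%d" % h, 80) for h in (7, 8)]
    return build_pcap(frames)

def iter_tcp(pcap):
    """Yield (src, dst, dport, flags) for each IPv4/TCP frame in a libpcap byte string."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    assert struct.unpack(endian + "I", pcap[20:24])[0] == LINKTYPE_ETHERNET
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                       # not IPv4 over Ethernet, or not TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue                       # header cut off: snaplen too small (hence -s0)
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        yield src, dst, struct.unpack("!H", tcp[2:4])[0], tcp[13]

def find_port_scanners(pcap, port=80, min_targets=16):
    """Return {src: distinct targets} for hosts that SYN'd `port` on >= min_targets addresses."""
    targets = defaultdict(set)
    for src, dst, dport, flags in iter_tcp(pcap):
        if dport == port and flags & 0x12 == 0x02:   # SYN set, ACK clear: a fresh probe
            targets[src].add(dst)
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}
```

Pointed at a real capture (`find_port_scanners(open("infected-dump.cap", "rb").read())`) the same function names the sweeping host, provided the file was taken with -s0 so the TCP header is intact.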
Received on Fri May 20 2011 - 12:36:48 MDT
This archive was generated by hypermail 2.2.0 : Fri May 20 2011 - 12:00:03 MDT