Re: [SLUG] Are you viewed as a computer criminal? (fwd)

From: Paul M Foster (paulf@quillandmouse.com)
Date: Sun May 27 2001 - 02:02:24 EDT


On Sat, May 26, 2001 at 09:14:10PM -0400, Russ Herrold wrote:

> On Sat, 26 May 2001, bill wrote:
> >
> > with all the MS haters, you'd think someone has tries snarfing packets
> > from a fresh windows installation to see, but i couldn't find any on the
> > web.
>
> oh ... Bugtraq carried a piece two weeks ago with such a trace
> (maybe in one of the forensics sub-lists ...). It went --
> DHCP lease request dialog - somethingelse - multicast packet
> to a MS domain host ... three packets converstions, and it had
> reported in using a protocol which has the capability
>

After a prior post on this subject, I put a rule on my firewall that any
broadcast packets to a certain IP range are logged, as:

# log broadcast for Microsoft software
ipchains -A output -d 224.0.0.0/6 -l

If anyone has anything better (or if this is incorrect) I'd be
interested in knowing it.

As yet, I haven't seen any packets like this logged from my wife's
Windows machine.

Paul



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:58:39 EDT