About malicious traffic and how to identify it...


Jaisol

I'm not sure if my interpretation of malicious traffic
(external/internal) is correct, or maybe this concept is very subjective or
complex.

Anyway, I understand malicious traffic as all traffic
(external/internal) able to go against good use of resources, affecting
performance, services, ..., between one or more machines, and it can be intended
(e.g. virus/trojans) or unintended (e.g. bugs, misconfiguration, p2p).

I've read about network analyzers/monitoring like sniffers and MS Network
Monitor/Ethereal tools, among others like ISA logs, BUT once inside of them
I can't identify malicious traffic.
I have spoken with experts in the matter and they always recommend using
sniffers and similar tools, but to the question "how can I identify malicious
traffic once inside of those utilities?" they respond vaguely and evasively.

Does this traffic have some clue (protocol, port, frame, size, ...) that helps to
identify it?

For that I'd really appreciate any kind of help that can guide me to identify
malicious traffic (internal) in a LAN environment.

Of course any comments/suggestions/recommendations will be appreciated.

THANKS!
 
From: "Jaisol" <[email protected]>

| I'm not sure if my interpretation of malicious traffic
| (external/internal) is correct, or maybe this concept is very subjective or
| complex.
|
| Anyway, I understand malicious traffic as all traffic
| (external/internal) able to go against good use of resources, affecting
| performance, services, ..., between one or more machines, and it can be intended
| (e.g. virus/trojans) or unintended (e.g. bugs, misconfiguration, p2p).
|
| I've read about network analyzers/monitoring like sniffers and MS Network
| Monitor/Ethereal tools, among others like ISA logs, BUT once inside of them
| I can't identify malicious traffic.
| I have spoken with experts in the matter and they always recommend using
| sniffers and similar tools, but to the question "how can I identify malicious
| traffic once inside of those utilities?" they respond vaguely and evasively.
|
| Does this traffic have some clue (protocol, port, frame, size, ...) that helps to
| identify it?
|
| For that I'd really appreciate any kind of help that can guide me to identify
| malicious traffic (internal) in a LAN environment.
|
| Of course any comments/suggestions/recommendations will be appreciated.
|
| THANKS!

You need to learn how to post !
This Cross-Posted, Multi-Posted message has gone to /* TOO MANY */ News Groups.

A few security related News Groups was all that was needed. Not ISA, OS and others !
 
| You need to learn how to post !
| This Cross-Posted, Multi-Posted message has gone to /* TOO MANY */ News
| Groups.

I'm sorry for that.

| A few security related News Groups was all that was needed. Not ISA, OS
| and others !

Thanks for sharing your knowledge.
 
| Groups.
|
| I'm sorry for that.
|| and others !
|
| Thanks for sharing your knowledge.

If you had posted in the RIGHT places and not all over the place, I would have provided
information on malicious TCP/IP traffic.

Therefore, you just got feedback.
 
| If you had posted in the RIGHT places and not all over the place, I would
| have provided
| information on malicious TCP/IP traffic.
| Therefore, you just got feedback.

As you can see I got good feedback because many people want to share
knowledge, and this attitude confirms the great value of newsgroups, prevailing
over other attitudes like judging people who cross-post by error.

Once again I'm sorry for cross-posting.
 
|
| As you can see I got good feedback because many people want to share
| knowledge, and this attitude confirms the great value of newsgroups, prevailing
| over other attitudes like judging people who cross-post by error.
|
| Once again I'm sorry for cross-posting.

There is nothing wrong with Cross-Posting. Cross-posting is preferred over Multi-Posting.
The problem was the sheer number of groups this was Cross-Posted and Multi-Posted to. Only
post On Topic to a given News Group and if you want to cover a few News Groups,
Cross-Post the subject matter to relevant, On Topic News Groups.
 
Wow!
Let me make sure I don't cross-post into too many groups!
I may get some smart ass answers....

Learned something today :-)
 