167 posts

Master Geek
+1 received by user: 5


Topic # 122123 25-Jun-2013 14:05

A workstation connecting to one particular legitimate website always creates a worm alert on the Mako gateway router, where the alert suggests there have been 1000+ new connections within the past 10 minutes.

I think there is some kind of incompatibility between the browser and the web app, but we need more packet level data to support this notion.

The support guys at Mako and Secureme say that details of the 1000+ sessions are not available after the event, but maybe we can set up a prior trap .. is there any way of setting some kind of trap on the Mako to give full details of the data or the connections during this localised event? 

Otherwise I guess we could put some packet sniffing software on the client? Wireshark?

3344 posts

Uber Geek
+1 received by user: 1089

Trusted
Vocus

  Reply # 844017 25-Jun-2013 14:08

I'd say Wireshark is an excellent place to start, yes.
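An added example, not part of the original thread: one way to turn a Wireshark capture taken on the workstation into the figure the alert reports, by counting initial SYNs from the client in a sliding 10-minute window and listing the destinations behind the peak. It assumes the gateway counts each initial SYN as a "new connection"; the tshark field export, the function names and the sample rows are constructed for illustration.

```python
# Input rows are assumed to come from a tshark field export of the capture:
#   tshark -r capture.pcap -T fields -E separator=, -e frame.time_epoch \
#     -e ip.src -e ip.dst -e tcp.dstport -e tcp.flags.syn -e tcp.flags.ack
import csv
from collections import Counter, deque

WINDOW_S = 600    # the alert's "past 10 minutes"
THRESHOLD = 1000  # the alert's "1000+ new connections"

def is_set(value):
    # tshark prints flag bits as 1/0 or True/False depending on version
    return value.strip().lower() in ("1", "true")

def new_connections(lines, client_ip):
    """Yield (epoch, dst, dport) for each initial SYN (SYN set, ACK clear) from client_ip."""
    for row in csv.reader(lines):
        if len(row) != 6 or not row[3]:
            continue  # non-TCP or malformed row
        ts, src, dst, dport, syn, ack = row
        if src == client_ip and is_set(syn) and not is_set(ack):
            yield float(ts), dst, int(dport)

def peak_window(events, window_s=WINDOW_S):
    """Return (highest SYN count in any sliding window, Counter of (dst, port) in it)."""
    win, best, best_dsts = deque(), 0, Counter()
    for ts, dst, dport in sorted(events):
        win.append((ts, dst, dport))
        while win[0][0] <= ts - window_s:  # drop events older than the window
            win.popleft()
        if len(win) > best:
            best, best_dsts = len(win), Counter((d, p) for _, d, p in win)
    return best, best_dsts

def sample_capture():
    # Constructed data: 1200 SYNs to one site in 5 minutes, their SYN-ACK
    # replies, ten unrelated connections, and one non-TCP row.
    rows = [f"{1000 + i * 0.25:.2f},192.0.2.10,198.51.100.7,443,1,0" for i in range(1200)]
    rows += [f"{1000 + i * 0.25:.2f},198.51.100.7,192.0.2.10,50000,True,True" for i in range(1200)]
    rows += [f"{900 + i * 60:.2f},192.0.2.10,203.0.113.5,80,True,False" for i in range(10)]
    rows.append("1001.00,192.0.2.10,203.0.113.9,,,")
    return rows

if __name__ == "__main__":
    peak, dsts = peak_window(new_connections(sample_capture(), "192.0.2.10"))
    print(f"peak new connections in {WINDOW_S}s: {peak} (alert level {THRESHOLD})")
    for (dst, port), n in dsts.most_common(5):
        print(f"  {dst}:{port}  {n}")
```

If the peak is dominated by a single destination and port, that supports the browser and web app explanation rather than scanning behaviour, which would spread across many addresses.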
