[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[port139:00969] DEMARC (was Re: p.0.f)

To: port139@xxxxxxxxxxxxx
Subject: [port139:00969] DEMARC (was Re: p.0.f)
From: Miharu <ensi@xxxxxxxxxxxxxxxx>
Date: Sun, 27 Jan 2002 13:54:29 +0900

$BbU$G$9!#(B
(B
(B> >$B$H$3$m$GOC$OJQ$o$j$^$9$,!"G/;O$K(BDEMARC (Snort Management) $B$+$i(B
(B> >Demarc PureSecure 1.05 for Windows $B$,%j%j!<%9$5$l$F$^$9!#(B
(B> >$B!!(Bhttp://www.demarc.org/
(B> 
(B> $BR2p$5$l$F$?$d$D$G$9$M(B...
(B> $B$=$&$+(BWindows $B$G$bF0$/$h$&$K$J$C$?$s$G$9$M!"C/$+;n$5$l$^$7$?!)(B
(B
(BWindows2000$B$G;n$7$F$_$^$7$?!#(B
$B$"$^$j;29M$K$O$J$i$$$J$$$+$b$7$l$^$;$s$,!"46$8$?$3$H$r$$$/$D$+!#(B
$B4V0c$C$F$$$k$H$3$m$,$"$k$+$b$7$l$^$;$s$,!"$=$N>l9g$O;XE&$$$?$@$1(B
$B$?$i$H;W$$$^$9!#(B
(B
$BFCD'E*$J(B1$B$D$K(B DEMARC $B$O%U%!%$%k$N%O%C%7%e$rDj4|E*$K%A%'%C%/$7LdBj(B
$B$,$"$C$?$i%a!<%k$rAw$k$J$s$F$3$H$,4JC1$K$G$-$k$N$,$h$$46$8$G$9!#(B
(B
(B
(B
(B
(B
(B*$B%$%s%9%H!<%k$+$iMxMQ$9$k$^$G$N;~4V$O(BACID$B$HHf$Y!"(BDEMARC$B$O$+$J$j(B
$BMF0W$G$"$j!"F0$+$9$^$G$NI,MW$J9)Dx$,>/$J$$$H46$8$^$7$?!#(B
(B
$B!!;29M$K$J$k$[!<$`$Z!<$8(B
$B!!!!(BACID
$B!!!!!!(Bhttp://www.silicondefense.com/techsupport/windows-acid.htm
$B!!!!!!(Bhttp://www.snort.org/docs/acid-win32.html
$B!!!!!!(Bhttp://www.andrew.cmu.edu/~rdanyliw/snort/acid_config.html
$B!!!!!!(Bhttp://www.yk.rim.or.jp/~shikap/security/snort/use_snort.html
$B!!!!(BDEMARC
$B!!!!!!(Bhttp://demarc.com/documentation/
$B!!!!$=$NB>(B
$B!!!!!!(Bhttp://www.hawkeye.ac/micky/
$B!!!!!!(Bhttp://www.port139.co.jp/ntsec_snort.htm
$B!!!!!!(Bhttps://www.netsecurity.ne.jp/back_kiji/3/
(B
(B
(B
(B* DEMARC $B$O%H%C%W%Z!<%8$N(B summary $B$,$^$H$^$C$F$$$F(BACID$B$KHf$Y$F!"(B
$B8=:_$N>u67$,GD0.$7$d$9$$$h$&$K;W$($^$7$?!#$?$@(B DEMARC $B$O(B ACID $B$N(B
$B5!G=$G$$$/$D$+L5$$(B($B$?$V$s(B)$B$b$N$,$"$j$^$9!#5$$,$D$$$?$b$N$O!"(B
$B!!!!(BClassification
$B!!!!(BMost Frequent Source Ports: any , TCP , UDP 
$B!!!!(BMost Frequent Destination Ports: any , TCP , UDP
(B
(B
(B
(B* DEMARC $B$K$"$k4r$7$$$b$N!#(B
$B!!!!(BWhois / Trace / Ping / NSlookup $B$,u67$rDj4|E*$K3NG'$9$k5!G=!#(B
$B!!J70O5$$O(B http://demarc.org/screenshots/ $B$r;2>H$N$3$H!#(B
$B!!$H$3$m$G(B whois.exe $B$H$+$C$F$"$k$N$G$7$g$&$+!)(B(^^;
(B
(B
(B
(B* $BCm0U$9$Y$-$3$H$O(B DEMARC $B$N%i%$%;%s%9(B
$B!!!!(Bhttp://demarc.org/license/
(B
(B
(B
(B* DEMARC $B$+$iAw$i$l$F$-$?%a!<%k$NNc(B
(B
$BNc(B1)---------------
(BSubject: File Integrity Check Alert - Sun Jan 27 12:40:42 2002
(B
(BMODIFIED FILE: C:/snort/snort.conf (SID: 1 Priority: RED)
(B   [SIZE] Known: 18031 Observed: 18591
(B   [MTIME] Known: Sun Jan 27 00:11:22 2002 Observed: Sun Jan 27 12:34:54 2002
(B   [MD5] Known: 04d9b4a3b65de45a44c92e589163852a Observed: 96e30c633d3c300f3371553934398ad5
(B
(B
$BNc(B2)---------------
(BSubject: RECOVERED - 192.168.0.1 - ping - 192.168.0.1 - DEMARC - 1.05
(B
(BHOST: 192.168.0.1
(BSERVICE: ping
(BNEW STATUS: GREEN
(BGROUP: test
(BDURATION: 0 mins 0 secs
(BIP ADDRESS: 192.168.0.1
(BCHANGED FROM: BLUE
(BTIMESTAMP: 2002-01-27 13:30:53
(B
(B
$BNc(B2)---------------
(BSubject: CRITICAL (repeat) - 192.168.0.2 - tcp - 192.168.0.2 - DEMARC - 1.05
(B
(BHOST: 192.168.0.2
(BSERVICE: tcp
(BNEW STATUS: RED
(BGROUP: tset
(BDURATION: 182 mins 49 secs
(BIP ADDRESS: 192.168.0.2
(BCHANGED FROM: RED
(BTIMESTAMP: 2002-01-27 13:36:17

Follow-Ups:
- [port139:00999] Re: DEMARC (was Re: p.0.f)
  - From: Hideaki Ihara

References:
- [port139:00956] p.0.f
  - From: Miharu
- [port139:00964] Re: p.0.f
  - From: Hideaki Ihara

Prev by Date: [port139:00968] FYI: $B%;%-%e%j(B$B%F%#%^%,%8%s!!(B 00 2$B9f!"(B1$B7n(B26$BF|H/Gd!*(B
Next by Date: [port139:00970] Re: XP $B$N(B Guest $B%"%+%&%s%H(B
Previous by thread: [port139:00964] Re: p.0.f
Next by thread: [port139:00999] Re: DEMARC (was Re: p.0.f)
Index(es):
- Date
- Thread