Being Promiscuous and Stopping Infection

I’ve just detected an infection of MSBlast quite by accident. It was on a machine that I thought had all the latest patches, so I hadn’t bothered to check it. On a different machine I was using the free packet sniffer Ethereal to snoop on an outgoing HTTP connection. Ethereal defaults to running in promiscuous mode so you can see all traffic on your local subnet. It was obvious there was a problem from the very first page of data (you can’t miss something scanning ranges of IP addresses!). Even if you're not worried about MSBlast, it's interesting to see everything that is happening on your network.

You will need to install WinPcap for Ethereal to work on Windows platforms...

Ethereal: Sniffing the glue that holds the Internet together
WinPcap: the Free Packet Capture Architecture for Windows
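
The "scanning ranges of IP addresses" pattern described above can also be picked out automatically from a capture. The following is an added example, not part of the original post: the function names, thresholds, addresses and port number are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address

def build_sample():
    """Constructed (src, dst, dst_port) tuples for outbound TCP SYNs, as seen by a sniffer."""
    syns = [
        ("192.168.1.20", "203.0.113.10", 80),   # ordinary web browsing
        ("192.168.1.20", "203.0.113.10", 80),
        ("192.168.1.31", "198.51.100.7", 25),   # ordinary mail delivery
    ]
    # One host walking consecutive addresses on a single port (135 is a sample value).
    syns += [("192.168.1.45", f"10.20.30.{i}", 135) for i in range(1, 41)]
    return syns

def find_scanners(syns, min_targets=20, min_sequential=0.8):
    """Flag (src, port) pairs that contact many distinct, mostly consecutive addresses.

    Returns {(src, port): (distinct_targets, sequential_ratio)}.
    """
    targets = defaultdict(set)
    for src, dst, port in syns:
        targets[(src, port)].add(int(ip_address(dst)))

    flagged = {}
    for key, dsts in targets.items():
        if len(dsts) < min_targets:
            continue  # a handful of destinations is normal client behaviour
        ordered = sorted(dsts)
        # Fraction of neighbouring targets exactly one address apart.
        steps = sum(1 for a, b in zip(ordered, ordered[1:]) if b - a == 1)
        ratio = steps / max(len(ordered) - 1, 1)
        if ratio >= min_sequential:
            flagged[key] = (len(dsts), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    for (src, port), (count, ratio) in find_scanners(build_sample()).items():
        print(f"{src} swept {count} addresses on TCP {port} (sequential ratio {ratio})")
```

A sweep that picks addresses at random would not meet the sequential ratio, so lowering `min_sequential` to 0 turns this into a plain fan-out check on distinct destinations.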
