Third Dream

Andy found himself sitting at his desk again. This time, he had a sense that he'd already talked to Dave. As he thought about the situation for a moment, it occurred to him that he really didn't have a whole lot of information. Sure, he had the IP address of the system in question, and Dave had told him that the traffic that had been detected was TFTP and IRC. Andy knew that the network engineers identified network traffic by the ports that were used, particularly the destination ports. This meant that the outbound traffic was to UDP port 69 and to TCP port 6667, respectively. So he had the source IP address for the traffic (i.e., the system in question) as well as the destination ports. He decided that the best thing to do was to ...

Get Windows Forensics and Incident Recovery now with O’Reilly online learning.