Networking Forums

About malicious traffic and how to identify it...

 
 
Jaisol
Guest
Posts: n/a

 
      02-15-2006, 08:06 PM
I'm not sure if the interpretation I make of malicious traffic
(external/internal) is correct, or maybe this concept is very subjective or
complex.

Anyway, I understand malicious traffic as all traffic
(external/internal) able to go against good use of resources, affecting
performance, services, ..., between one or more machines, and it can be intended
(e.g. virus/trojans) or unintended (e.g. bugs, misconfiguration, p2p).

I've read about network analyzers/monitoring like sniffers and MS Network
Monitor/Ethereal tools, among others like ISA logs, BUT once inside of them
I can't identify malicious traffic.
I have spoken with experts in the matter and they always recommend using
sniffers and similar tools, but to the question "how can I identify malicious
traffic once inside of those utilities?" they respond vaguely and evasively.

Does this traffic have some clue (protocol, port, frame, size, ...) that helps to
identify it?

For that, I would really appreciate any kind of help that can guide me to identify
malicious traffic (internal) in a LAN environment.

Of course any comments/suggestions/recommendations will be appreciated.

THANKS!

 
 
 
 
 
David H. Lipman
Guest
Posts: n/a

 
      02-15-2006, 09:39 PM
From: "Jaisol" <(E-Mail Removed)>

| I'm not sure if the interpretation I make of malicious traffic
| (external/internal) is correct, or maybe this concept is very subjective or
| complex.
|
| Anyway, I understand malicious traffic as all traffic
| (external/internal) able to go against good use of resources, affecting
| performance, services, ..., between one or more machines, and it can be intended
| (e.g. virus/trojans) or unintended (e.g. bugs, misconfiguration, p2p).
|
| I've read about network analyzers/monitoring like sniffers and MS Network
| Monitor/Ethereal tools, among others like ISA logs, BUT once inside of them
| I can't identify malicious traffic.
| I have spoken with experts in the matter and they always recommend using
| sniffers and similar tools, but to the question "how can I identify malicious
| traffic once inside of those utilities?" they respond vaguely and evasively.
|
| Does this traffic have some clue (protocol, port, frame, size, ...) that helps to
| identify it?
|
| For that, I would really appreciate any kind of help that can guide me to identify
| malicious traffic (internal) in a LAN environment.
|
| Of course any comments/suggestions/recommendations will be appreciated.
|
| THANKS!

You need to learn how to post!
This Cross-Posted, Multi-Posted message has gone to /* TOO MANY */ News Groups.

A few security-related News Groups were all that was needed. Not ISA, OS and others!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
 
Jaisol
Guest
Posts: n/a

 
      02-15-2006, 10:37 PM
> You need to learn how to post!
> This Cross-Posted, Multi-Posted message has gone to /* TOO MANY */ News Groups.

I'm sorry for that.

> A few security-related News Groups were all that was needed. Not ISA, OS and others!

Thanks for sharing your knowledge.

 
 
David H. Lipman
Guest
Posts: n/a

 
      02-15-2006, 11:54 PM
From: "Jaisol" <(E-Mail Removed)>

>> You need to learn how to post!
>> This Cross-Posted, Multi-Posted message has gone to /* TOO MANY */ News Groups.
|
| I'm sorry for that.
|
>> A few security-related News Groups were all that was needed. Not ISA, OS and others!
|
| Thanks for sharing your knowledge.

If you had posted in the RIGHT places and not all over the place, I would have provided
information on malicious TCP/IP traffic.

Therefore, you just got feedback.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
 
Jaisol
Guest
Posts: n/a

 
      02-16-2006, 03:11 PM
> If you had posted in the RIGHT places and not all over the place, I would
> have provided information on malicious TCP/IP traffic.
> Therefore, you just got feedback.

As you can see, I got good feedback because many people want to share
knowledge, and this attitude confirms the great value of newsgroups, prevailing
over other attitudes like judging people who cross-post by error.

Once again I'm sorry for cross-posting.

 
 
David H. Lipman
Guest
Posts: n/a

 
      02-16-2006, 06:25 PM
From: "Jaisol" <(E-Mail Removed)>

>> If you had posted in the RIGHT places and not all over the place, I would
>> have provided information on malicious TCP/IP traffic.
>> Therefore, you just got feedback.
|
| As you can see, I got good feedback because many people want to share
| knowledge, and this attitude confirms the great value of newsgroups, prevailing
| over other attitudes like judging people who cross-post by error.
|
| Once again I'm sorry for cross-posting.

There is nothing wrong with Cross-Posting. Cross-posting is preferred over Multi-Posting.
The problem was the sheer number of groups this was Cross-Posted and Multi-Posted to. Only
post On Topic to a given News Group and if you want to cover a few News Groups,
Cross-Post the subject matter to relevant, On Topic News Groups.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
 
 
 