Security Incidents mailing list archives

suspicious packets


From: "Michael Anuzis" <michael_anuzis () hotmail com>
Date: Wed, 30 Jan 2002 22:39:15 -0500

http://www.anuzis.net/tcp0/

this directory on my webserver contains two files:
snort.capture =  a portion of a snort capture
tcp.dump = a look at the content of the suspicious packets

tcp source port zero, tcp destination port zero
a stealth port scan about 2 minutes later on a single port from the same IP

no nslookup or whois entry for the suspicious source IP

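The pattern reported in the message above (TCP packets with source and destination port zero, then a probe of a single port from the same IP about two minutes later) can be looked for in captured traffic. This is an added example, not part of the original post or its capture files; the function names, the 300-second correlation window and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

def parse_ipv4_tcp(raw):
    """Return (src_ip, sport, dport) for an IPv4/TCP packet, else None."""
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] != socket.IPPROTO_TCP:
        return None
    ihl = (raw[0] & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or len(raw) < ihl + 4:   # need at least both TCP port fields
        return None
    sport, dport = struct.unpack_from("!HH", raw, ihl)
    return socket.inet_ntoa(raw[12:16]), sport, dport

def correlate(packets, window=300):
    """packets: time-ordered iterable of (epoch_seconds, raw_bytes).
    Flags TCP packets with source and destination port 0, then reports later
    packets from the same source to a non-zero port within `window` seconds
    (the window is an assumed value, not taken from the post)."""
    zero_seen = {}    # src_ip -> time of its most recent port-0 packet
    findings = []
    for ts, raw in packets:
        parsed = parse_ipv4_tcp(raw)
        if parsed is None:
            continue                      # not IPv4/TCP or truncated
        src, sport, dport = parsed
        if sport == 0 and dport == 0:
            zero_seen[src] = ts
            findings.append(("port0", src, ts, dport))
        elif src in zero_seen and ts - zero_seen[src] <= window:
            findings.append(("followup", src, ts, dport))
    return findings

def build(src, dst, sport, dport):
    """Construct a minimal IPv4+TCP SYN packet (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
    return ip + tcp

# Constructed sample traffic; addresses come from the RFC 5737 documentation ranges.
SAMPLE = [
    (1000, build("192.0.2.10", "198.51.100.5", 0, 0)),         # port 0 -> port 0
    (1005, build("203.0.113.7", "198.51.100.5", 40000, 80)),   # unrelated host
    (1120, build("192.0.2.10", "198.51.100.5", 40001, 111)),   # same source, 2 min later
]

if __name__ == "__main__":
    for finding in correlate(SAMPLE):
        print(finding)
```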

