Snort mailing list archives
Snort, Queso and iptables
From: Juergen Fiedler <juergen () fiedlerfamily net>
Date: Tue, 9 Oct 2001 11:10:34 -0400
Hello, Just about every other day, snort reports a 'Possible Queso Fingerprint attempt' from a machine at kernel.org (most frequently mirrors.kernel.org). This is puzzling to me for several reasons: With whitehats.com being down, I was unable to determine what a Queso Fingerprint is. Looks like some probe of my auth port, but I have no idea what it is actually trying to do. I believe that the people at kernel.org are good and righteous. Why would they try to probe my auth port. Port 113 should be hidden behind my iptables firewall. In fact, I tried to connect to this port from the outside and was unsuccessful. Does snort actually analyze packets before they hit iptables? That seems somewhat weird. Could anyone please shed some light on one or more of my questions? Thanks in advance, Juergen
Attachment:
_bin
Description:
Current thread:
- Snort, Queso and iptables Juergen Fiedler (Oct 09)
- Re: Snort, Queso and iptables John Sage (Oct 10)
- <Possible follow-ups>
- RE: Snort, Queso and iptables Graeme Fowler (Oct 10)