Snort mailing list archives
RE: TCP ******S* portscan
From: Andrew Blevins <ABlevins () arrowheadgrp com>
Date: Fri, 5 Apr 2002 15:42:55 -0800
I haven't used iptables enough to tell you. . . there are *nix gurus hanging around this list all the time. Gentleman (and ladies)? Blev -----Original Message----- From: Hauser Marcel [mailto:marcel_hauser () gmx ch] Sent: None To: Andrew Blevins Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] TCP ******S* portscan On 06.04.2002 at 00:33:42, Andrew Blevins <ABlevins () arrowheadgrp com> wrote:
This is a SYN scan, with sets a flag that some firewalls will allow to
pass.
That may be the issue. Feel free to brutally correct me if I'm wrong (which I prob am!) Happy Hunting
Iptables too ? or do i have to set some special Kernel Options in /proc/net ? Thanks Marcel _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- TCP ******S* portscan Marcel Hauser (Apr 05)
- Re: TCP ******S* portscan Matt Kettler (Apr 05)
- Re: TCP ******S* portscan Hauser Marcel (Apr 05)
- Message not available
- Re: TCP ******S* portscan Matt Kettler (Apr 05)
- Re: TCP ******S* portscan "SOLVED" Marcel Hauser (Apr 06)
- Re: TCP ******S* portscan Matt Kettler (Apr 05)
- Re: TCP ******S* portscan Ricardo SIGNES (Apr 05)
- <Possible follow-ups>
- RE: TCP ******S* portscan Andrew Blevins (Apr 05)
- RE: TCP ******S* portscan Hauser Marcel (Apr 05)
- RE: TCP ******S* portscan Marcel Hauser (Apr 05)
- Re: TCP ******S* portscan Chris Keladis (Apr 05)
- RE: TCP ******S* portscan Andrew Blevins (Apr 05)