Snort mailing list archives
TCP port 0 traffic
From: Max Valdez <maxvalde () fis unam mx>
Date: Fri, 26 Mar 2004 10:44:58 -0600
Hi all I'm getting this kind of traffic with my box as source, I know I'm not scanning anybody, and I know ("certainly") that I have not been hacked. My guess is that "nicotine" a client for the soulseek p2p network is doing that. (there are a lot of dst ips for that rule with src="my box" I just notice that, because I started using it again a couple of days ago. I would like to know if anybody have seen similar traffic. Or maybe I'm missing something, and I was actually hacked ? Max -- Linux garaged 2.6.3-mm3 #2 SMP Tue Feb 24 15:44:58 CST 2004 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GS/S d- s: a-29 C++(+++) ULAHI+++ P+ L++>+++ E--- W++ N* o-- K- w++++ O- M-- V-- PS+ PE Y-- PGP++ t- 5- X+ R tv++ b+ DI+++ D- G++ e++ h+ r+ z** ------END GEEK CODE BLOCK------ gpg-key: http://garaged.homeip.net/gpg-key.txt ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- TCP port 0 traffic Max Valdez (Mar 26)