Snort mailing list archives
Re: postscan
From: Michael Sierchio <kudzu () tenebras com>
Date: Thu, 15 Sep 2005 09:40:04 -0700
Jeff Kell wrote:
I don't know about the original environment, but P2P programs will drive portscan detectors absolutely nuts when they "search" peers for a target.
Are they likely to fire decoy detection rules? I infer a lot of decoyed traffic to 1026/UDP and 1027/UDP from the number of ICMP Unreach messages I've been receiving in which the original datagram src IP was forged (to one of my addresses). ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- postscan Ron Jenkins (Sep 15)
- RE: postscan Paul Melson (Sep 15)
- Re: postscan Jeff Kell (Sep 15)
- Re: postscan Michael Sierchio (Sep 15)
- RE: postscan Paul Melson (Sep 15)
- Re: postscan Jeff Kell (Sep 15)
- RE: postscan Paul Melson (Sep 15)
- maximum length for msg? Peggy Kam (Sep 15)
- Re: maximum length for msg? Alex Kirk (Sep 15)
- Re: maximum length for msg? Dirk Geschke (Sep 16)
- Re: maximum length for msg? Alex Kirk (Sep 16)
- Re: maximum length for msg? Dirk Geschke (Sep 16)
- Re: maximum length for msg? Alex Kirk (Sep 16)
- Re: maximum length for msg? Alex Kirk (Sep 15)