[Snort-sigs] Portscan reporting

Antony J. Shepherd antony.s at ...1308...
Mon Feb 17 08:05:10 EST 2003


> -----Original Message-----
> From: Robert Wagner [mailto:rwagner at ...447...]
> Sent: 17 February 2003 15:45
> To: 'antony.s at ...1308...'; snort-sigs at lists.sourceforge.net
> Subject: RE: [Snort-sigs] Portscan reporting
>
>
> Thoughts - What was the FTP client that the user was using?  I am not
> familiar, but it seems odd that the ftp server would send
> that many SYN
> packets to that many ports on the client machine.  Maybe it
> was some special
> FTP server that (when used with the correct client) could
> open multiple
> sessions??
> Kind of odd since IP has the ability to widen the data stream
> to occupy the
> entire bandwidth available.
> I haven't had an FTP server get picked up by portscan like that.
> Anyone else have any ideas?
>
The user was using CuteFTP - no idea what the server package used at the
other end was.

Antony.





More information about the Snort-sigs mailing list