[Snort-users] /var/log/snort/portscan meaning?

Mark E. Drummond drummond-m at ...23...
Fri Jul 21 08:41:03 EDT 2000


Ralf Hildebrandt wrote:
> 
> syn fin rst psh ack urg

Thanks! I figured as much but would it not make more sense to actually
list them in bit order? RFC793 clearly shows the bits as being, from
left to right in the header

	Reserved U A P R S F

While snort is placing them as

	Reserved S R F P A U

The other question is, why the heck is this NT box sending such illegal
packets to my mail hub? Time for investigation.

-- 
Mark Drummond|ICQ#19153754|mailto:mark.drummond at ...23...
UNIX System Administrator|Royal Military College of Canada
The Kingston Linux Users Group|http://signals.rmc.ca/klug/
Saving the World ... One CPU at a Time

Please excuse me if I am terse. I answer dozens of emails every day.




More information about the Snort-users mailing list