[Snort-users] Network Scan - Port 1602
jukekiller at ...125...
Fri Nov 3 06:52:29 EST 2000
Last night our Checkpoint firewall captured the following scan:
2Nov2000 21:35:55 drop FIREWALL >DC21X42 mail proto tcp src a.a.a.a dst
p-int.er.nal.ip service 1602 s_port 1863 len 40 rule 24
We also run a Snort IDS, which checks for incoming TCP packets containing
SYN, SYN-FIN or NULL flags, and it didn't capture any attempts for this
scan. It is on the same segment as the firewall.
Does anyone have any idea what this scan is? Also, I would like to know why
Snort did not capture this.