[Snort-users] Network Scan - Port 1602

James formosa jukekiller at ...125...
Fri Nov 3 06:52:29 EST 2000

Hi guys,

last night our checkpoint firewall captured the following scan

2Nov2000 21:35:55 drop   FIREWALL   >DC21X42 mail proto tcp src a.a.a.a  dst 
p-int.er.nal.ip service 1602 s_port 1863 len 40 rule 24

We also run a SNORT IDS , which checks for incoming tcp packets containing 
SYN , SYN-FIN or NULL flags, and it didn't capture any attemts for this 
scan. It is on the same segment as the Firewall.

Anyone has any idea what this scan is? Also, I am would like to know why 
snort did not capture this.


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 

More information about the Snort-users mailing list