[Snort-users] Weird alerts - false positive ?
azrael at ...70...
Mon Nov 6 09:29:23 EST 2000
> The alerts in most cases are sourced from my W2K host, and the destination
> is a nameserver on my network, 21 and 53 are nameservers, 6 is the W2K box.
IMHO this means that your x.x.x.53 tries to reach a port at your
W2K-host that it's not allowed not access. Does your host on .53 handle
mail? Most Mailers try to get information from the sender (auth, Port
113), which means your suspicious traffic should occur when you send or
[Solution - The Computer People]
More information about the Snort-users