[Snort-users] tcp/510 probe

andy lowton andy at ...586...
Tue Nov 28 06:51:59 EST 2000

I got exactly the same thing, but only once. I caught it with ipf:

Nov 25 11:02:09  ipmon[12376]: 11:02:09.048081             tun0 @0:27 b,510 -> a.b.c.d,510 PR tcp len 20 40 -S IN 

I've setup a snort rule for it now, but it hasn't happened since.



E-Mail: andy at ...586...
PGP/GnuPG Key available on request
Cultivating a healthy uptime addiction

More information about the Snort-users mailing list