[Snort-users] tcp/510 probe

andy lowton andy at ...586...
Tue Nov 28 06:51:59 EST 2000


I got exactly the same thing, but only once. I caught it with ipf:

Nov 25 11:02:09  ipmon[12376]: 11:02:09.048081             tun0 @0:27 b
 204.182.234.16,510 -> a.b.c.d,510 PR tcp len 20 40 -S IN 

I've setup a snort rule for it now, but it hasn't happened since.

l8z

andy

---------------------------------------
E-Mail: andy at ...586...
PGP/GnuPG Key available on request
Cultivating a healthy uptime addiction
---------------------------------------





More information about the Snort-users mailing list