[Snort-users] Proper response to scan attempts?

andy lowton andy at ...586...
Fri Oct 6 15:57:01 EDT 2000

> They come from port 21 to port 21 as firewalls let that ports traffic pass,
> so it's (usually) not detected.

Surely that should be port 20. The way to exploit misconfigured routers and 
firewalls (rarely) is using the ftp-data port. Having said that I have seen 
misconfigurations that allow source ports of 22 and 102..go figure.



E-Mail: andy at ...586...
PGP/GnuPG Key available on request
Cultivating a healthy uptime addiction

More information about the Snort-users mailing list