[Snort-users] New to snort...what do these mean???

Ralf Hildebrandt Ralf.Hildebrandt at ...22...
Wed Oct 11 03:19:34 EDT 2000


On Tue, Oct 10, 2000 at 10:22:53PM -0500, Vitaly McLain wrote:

> I am looking at the log you posted, and I am fairly sure you did NOT get
> portscanned. It was a false positive. Look at this:
> >> across 1 hosts: TCP(1), UDP(0) STEALTH
> Only 1 TCP connection is not a portscan. Even a portscan which scans a small
> range of ports should have connects in the double digits.

Not true. When I scan for say vulnerable nameservers I ONLY connect to port
53, and no other ports.

-- 
ralf.hildebrandt at ...22...
Dipl.-Informatiker                                       innominate AG
system engineer                                      networking people
tel: +49.30.308806-62  fax: -77   http://innominate.de  pgp at request
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 358 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20001011/b7d8cacb/attachment.sig>


More information about the Snort-users mailing list