[Snort-users] New to snort...what do these mean???

Robert E. Leever bel1 at ...358...
Wed Oct 11 10:56:33 EDT 2000


> how do i block these portscans? how can i tell which port they are scanning

normally echo is port 7, at least on sun, hp and aix systems
[the 3 that I have easy access to]

each of these systems also have files [usually in /etc]
that you can edit that are read by the inet daemon and tell
it which ports to listen to and service.

You can edit this file [/etc/inetd.conf on solaris] and 
turn off/comment out the echo ports [udp & tcp] and the 
system will then stop responding to echo.
 
In a earlier thread I asked more or less the same question.
If you can find out what's causing the scan you can 
answer the question about being worried yourself.

In my case it was innocuous - an NT box running an auto
discovery program on the internal network.


b;)




More information about the Snort-users mailing list