[Snort-users] Odd packets... maybe a new Trojan?

Joe Matusiewicz joem at ...692...
Wed Oct 25 13:22:04 EDT 2000


At 11:11 AM 10/25/00, Martin Roesch wrote:
>I actually got scanned for the same thing (SYN FIN) 10 days ago from a
>BellSouth address.  Charming.
>
>[From portscan.log]:
>Oct 15 21:32:26 208.62.23.150:9704 -> my.home.address.foo:9704 SYNFIN 
>**SF****
>
>     -Marty

Hey, small world...my firewall logs show that this is the same address that 
scanned 31,341 addresses on my network on Oct 1 (port 9704).  An email to 
BellSouth went unanswered.


-- Joe





More information about the Snort-users mailing list