[Snort-users] Odd packets... maybe a new Trojan?
joem at ...692...
Wed Oct 25 13:22:04 EDT 2000
At 11:11 AM 10/25/00, Martin Roesch wrote:
>I actually got scanned for the same thing (SYN FIN) 10 days ago from a
>BellSouth address. Charming.
>Oct 15 21:32:26 18.104.22.168:9704 -> my.home.address.foo:9704 SYNFIN
Hey, small world...my firewall logs show that this is the same address that
scanned 31,341 addresses on my network on Oct 1 (port 9704). An email to
BellSouth went unanswered.
More information about the Snort-users