[Snort-users] Getting 'portscanned' by IRC servers.

Steve Halligan agent33 at ...187...
Fri Sep 22 11:26:49 EDT 2000


IRC server (well most of them anyway) do what they call a "check for
insecrue proxies".  This shows up as a udp portscan.  Basically they are
checking your security before letting you connect--good for them :).  I
wouldn't want to connect to one that didn't do it.  There must be an exploit
(although I am unfamilar as to what it is) that would allow an insecure user
to be compromised and thus compromising the others connected to the server.
The jist of what I am saying is:

1)  It is normal
2)  It is good
3)  Ignore it if you choose, but leaving it in tells you that they are
checking and that snort is still working :)

-Steve Halligan

-----Original Message-----
From: Daniel Swan [mailto:swan_daniel at ...479...]
Sent: Thursday, September 21, 2000 5:23 PM
To: snort-users at ...382...
Subject: [Snort-users] Getting 'portscanned' by IRC servers.


My new roomate is an IRC'r, something I've never mucked with... now, I'm
seeing all sorts of weird activity from IRC servers portscanning my
computer.   He has explained to me that this is normal behavior, as some IRC
servers won't allow connexions from hosts with particular ports active.

My question is this:  Can I ignore these IRC servers by adding them to
$DNSSERVERS in snort-lib, and as well, is this such a good idea,
consdidering they *are* IRC servers after all.

Thoughts?




--== Sent via Deja.com http://www.deja.com/ ==--
Before you buy.
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20000922/870d8f6f/attachment.html>


More information about the Snort-users mailing list