[Snort-users] port 1?
vision at ...4...
Tue Jan 2 13:03:00 EST 2001
It's a common way to scan for IRIX machines. AFAIK Irix are the only OS
with tcpmux listening by default.
It may be something else, new trojan or something, but I have seen (and
used) this technique before. However, the source port should be
irrelevent so maybe you should look into it - did the source IP come back
and try anything else?
On Tue, 2 Jan 2001, robin stubbs wrote:
> I note the appearance of tcp scans from port 1 to port 1 across all
> in our subnet on Jan 1. Is this just a happy new year message or is it a
> vulnerability? :-)
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
More information about the Snort-users