[Snort-users] Does ECN trigger alarms?

Joe Barr warthawg at ...1645...
Tue May 22 13:30:33 EDT 2001


I've been getting:

<snip>

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
May 22 11:03:04 pooh snort: spp_portscan: PORTSCAN DETECTED from 199.183.24.194 (STEALTH)
May 22 11:03:08 pooh snort: spp_portscan: portscan status from 199.183.24.194: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH


</snip>

That is the IP address of the linux-kernel mailing list
server, and they recently turned ECN on.  Is anyone else
seeing this?

See ya,
Joe Barr


-- 

#--------------------------------------------------#
| Joe Barr                   warthawg at ...1645... |
| Longears and Linux........... nowhere but Texas! |
#--------------------------------------------------#




More information about the Snort-users mailing list