[Snort-users] Source IP/destination IP: how close is too close?

Guillaume guillaume at ...4029...
Fri Jan 18 00:32:02 EST 2002

Dans son précédent message John Sage écrivait :

> I just had to post this snort capture of a probe to tcp:12345 --
> look at  the source IP address relative to my destination IP
> address as a dialup  to access.att.net, out of AT&T's Seattle, WA
> pop...
> 01/17-18:47:48.819272 ->
> TCP TTL:127 TOS:0x0 ID:18697 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x21DD8C  Ack: 0x0  Win: 0x2000  TcpLen: 28
> TCP Options (4) => MSS: 536 NOP NOP SackOK
> I mean, this guy is right on top of me ;-)
> Think I should go yell out the front door for him to knock it
> off?
> This is some clown I see a lot of; he's always nearby, but he's
> never  been this "close".

Well well... if only close IPs meant "guy next door"... :-)

I see lots of close IPs playing along with mine, some very very close,
but coming - geographically speaking - from Iran, and I live in Paris,
France !

But if you'd like to yell out there too, I'm your man ! :-)

Most of times it's just hazardeous automatic scannning scripts


[ Sent with SquirrelMail -  http://www.squirrelmail.org     ]

More information about the Snort-users mailing list