[Snort-users] Port 2301
mkettler at ...7367...
Wed Oct 30 11:41:06 EST 2002
I often get these with my 1.8.x version of snort. If you look at the
traffic you'll see it's usually an outside webserver feeding data to a
local client on a random local port, which in this case happens to be 2301.
A version of the rule using flows would be less likely to false on this, as
it would realize that the port 2301 on your local machine is actually a
client, not a server.
At 03:53 AM 10/31/2002 -0500, Kevin Haslag wrote:
>I am getting some Compaq nsight directory traversal alerts on my
>network(SID 1199). My port list says 2301 is used by Compaq Remote
>Diagnostic Management. We have no Compaq systems so does anyone know what
>might be using port 2301
>I run Snort v1.8.3 on Win2k Sp2
More information about the Snort-users