[Snort-users] Port 2301

Matt Kettler mkettler at ...7367...
Wed Oct 30 11:41:06 EST 2002


I often get these with my 1.8.x version of snort. If you look at the 
traffic you'll see it's usually an outside webserver feeding data to a 
local client on a random local port, which in this case happens to be 2301.

A version of the rule using flows would be less likely to false on this, as 
it would realize that the port 2301 on your local machine is actually a 
client, not a server.


At 03:53 AM 10/31/2002 -0500, Kevin Haslag wrote:

>I am getting some Compaq nsight directory traversal alerts on my 
>network(SID 1199).  My port list says 2301 is used by Compaq Remote 
>Diagnostic Management.  We have no Compaq systems so does anyone know what 
>might be using port 2301
>
>
>
>I run Snort v1.8.3 on Win2k Sp2





More information about the Snort-users mailing list