[Snort-users] Nmap

Gerson Sampaio rootbit at ...131...
Fri Nov 14 05:20:07 EST 2003


Hi List,
i received this alert and i'd like to know why the
source is using port 80. Is this forged ?

11/13-17:26:42.075512 [**] [1:628:2] SCAN nmap TCP
[**] [Classification: Attempted Information Leak]
[Priority: 2] {TCP} x.x.x.x:80 -> y.y.y.y:53

TIA
Gerson Sampaio

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree




More information about the Snort-users mailing list