[Snort-users] Nmap

Gerson Sampaio rootbit at ...131...
Fri Nov 14 05:20:07 EST 2003

Hi List,
i received this alert and i'd like to know why the
source is using port 80. Is this forged ?

11/13-17:26:42.075512 [**] [1:628:2] SCAN nmap TCP
[**] [Classification: Attempted Information Leak]
[Priority: 2] {TCP} x.x.x.x:80 -> y.y.y.y:53

Gerson Sampaio

Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard

More information about the Snort-users mailing list