[Snort-users] Nmap

Esler, Joel - Contractor joel.esler at ...9426...
Mon Nov 17 06:39:36 EST 2003

Not necessarily, you can set Nmap to scan FROM a particular port too...
But it could be a false positive...


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Gerson
Sent: Friday, November 14, 2003 8:20 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Nmap

Hi List,
i received this alert and i'd like to know why the
source is using port 80. Is this forged ?

11/13-17:26:42.075512 [**] [1:628:2] SCAN nmap TCP
[**] [Classification: Attempted Information Leak]
[Priority: 2] {TCP} x.x.x.x:80 -> y.y.y.y:53

Gerson Sampaio

Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard

This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list