[Snort-users] Nmap

Esler, Joel - Contractor joel.esler at ...9426...
Mon Nov 17 06:39:36 EST 2003


Not necessarily, you can set Nmap to scan FROM a particular port too...
But it could be a false positive...

J

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Gerson
Sampaio
Sent: Friday, November 14, 2003 8:20 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Nmap

Hi List,
i received this alert and i'd like to know why the
source is using port 80. Is this forged ?

11/13-17:26:42.075512 [**] [1:628:2] SCAN nmap TCP
[**] [Classification: Attempted Information Leak]
[Priority: 2] {TCP} x.x.x.x:80 -> y.y.y.y:53

TIA
Gerson Sampaio

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree


-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list