[Snort-users] Calling all packet monkeys
pauls at ...6838...
Wed Mar 23 12:17:35 EST 2005
--On Wednesday, March 23, 2005 07:00:59 AM -0800 SN ORT
<snort_on_acid at ...131...> wrote:

> Hehe ..."someone brought in a laptop with a foreign
> IP" now there would be a sight to see, plugging in
> your own IP and then expecting it to route back in...
> OK, so Hi Paul in Dallas. I suspect that the TCP
> session may have been started by an internal host that
> was src: 161, dst: 135 and that the return traffic is
> the answer to an established session over port 135,
> and that your ACL allows established sessions first?

That's one possibility.

> Just making sure, is the snmp traffic blocked at both
> UDP and TCP? Hope this helps..

Default policy is deny. Neither 161/udp nor 161/tcp is allowed. We see
responses (blocked of course) in the PIX logs from our host/0 to foreign
host/135 and foreign host/8000.

It's a curiosity more than anything else.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member