[Snort-users] postscan

Michael Sierchio kudzu at ...10305...
Thu Sep 15 09:42:01 EDT 2005


Jeff Kell wrote:

> I don't know about the original environment, but P2P programs will drive 
> portscan detectors absolutely nuts when they "search" peers for a target.

Are they likely to fire decoy detection rules?

I infer a lot of decoyed traffic to 1026/UDP and 1027/UDP from
the number of ICMP Unreach messages I've been receiving in which
the original datagram src IP was forged (to one of my addresses).
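
An added example, not part of the original post: a sketch of the inference described above, reading the datagram quoted inside each ICMP Destination Unreachable message and counting quoted UDP destination ports where the quoted source is a local address. The 192.0.2.0/24 prefix, the function names and the sample messages are all constructed, and it assumes the local hosts did not themselves send traffic to those ports.

```python
import ipaddress
import struct
from collections import Counter

LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: stands in for "my addresses"

def quoted_udp(icmp: bytes):
    """Return (src, dst, sport, dport) of the UDP datagram quoted in an
    ICMP Destination Unreachable message, or None if it is not one."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != 3:   # ICMP type 3 = Destination Unreachable
        return None
    ip = icmp[8:]                                # quoted IP header follows the 8-byte ICMP header
    ihl = (ip[0] & 0x0F) * 4                     # quoted header length, options included
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8 or ip[9] != 17:
        return None                              # not IPv4, truncated, or not UDP
    src = ipaddress.ip_address(ip[12:16])
    dst = ipaddress.ip_address(ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return src, dst, sport, dport

def tally_backscatter(messages, local_nets=LOCAL_NETS):
    """Count quoted UDP destination ports where the quoted source is a local address."""
    hits = Counter()
    for msg in messages:
        q = quoted_udp(msg)
        if q and any(q[0] in net for net in local_nets):
            hits[q[3]] += 1
    return hits

def build_sample(src, dst, dport, code=3):
    """Constructed ICMP unreachable quoting a UDP datagram (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return struct.pack("!BBHI", 3, code, 0, 0) + ip + udp

# Constructed sample input: three unreachables quoting a local source,
# one quoting a foreign source, and one ICMP echo reply (type 0).
SAMPLES = [
    build_sample("192.0.2.10", "198.51.100.7", 1026),
    build_sample("192.0.2.11", "198.51.100.7", 1027),
    build_sample("192.0.2.10", "198.51.100.9", 1026),
    build_sample("203.0.113.5", "198.51.100.7", 1026),
    struct.pack("!BBHI", 0, 0, 0, 0) + bytes(28),
]

if __name__ == "__main__":
    for port, count in sorted(tally_backscatter(SAMPLES).items()):
        print(f"{port}/UDP: {count} unreachable(s) quoting a local source")
```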




