kudzu at ...10305...
Thu Sep 15 09:42:01 EDT 2005
Jeff Kell wrote:
> I don't know about the original environment, but P2P programs will drive
> portscan detectors absolutely nuts when they "search" peers for a target.
Are they likely to fire decoy detection rules?
I infer a lot of decoyed traffic to 1026/UDP and 1027/UDP from
the number of ICMP Unreach messages I've been receiving in which
the original datagram src IP was forged (to one of my addresses).
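
The inference described in the message above, sketched as an added example that is not part of the original post: each ICMP Destination Unreachable quotes the IP header and first 8 bytes of the datagram that triggered it, so quoted UDP datagrams that claim one of your source addresses but match nothing you sent can be counted per destination port. The function names, the `sent_flows` egress record and the documentation-range addresses are assumptions made for the illustration.

```python
import ipaddress
import struct
from collections import Counter

ICMP_DEST_UNREACH = 3
IPPROTO_UDP = 17

def parse_unreach(icmp):
    """Return (src, dst, dport) of the UDP datagram quoted in an ICMP unreachable, else None."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != ICMP_DEST_UNREACH:
        return None
    quoted = icmp[8:]                      # skip the 8-byte ICMP header
    ihl = (quoted[0] & 0x0F) * 4           # length of the quoted IP header
    if (quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8
            or quoted[9] != IPPROTO_UDP):
        return None
    src = ipaddress.IPv4Address(quoted[12:16])
    dst = ipaddress.IPv4Address(quoted[16:20])
    _sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return src, dst, dport

def forged_backscatter(icmp_msgs, my_net, sent_flows):
    """Count quoted datagrams sourced from my_net that match no flow in sent_flows (assumed egress record)."""
    net = ipaddress.ip_network(my_net)
    hits = Counter()
    for src, dst, dport in filter(None, map(parse_unreach, icmp_msgs)):
        if src in net and (str(src), str(dst), dport) not in sent_flows:
            hits[dport] += 1
    return hits

def build_unreach(src, dst, dport, code=3, proto=IPPROTO_UDP):
    """Construct a sample ICMP unreachable message (checksums left as zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + ip + udp

# Constructed sample input, using documentation address ranges only.
SAMPLE = [
    build_unreach("192.0.2.10", "198.51.100.7", 1026),
    build_unreach("192.0.2.11", "198.51.100.8", 1027),
    build_unreach("192.0.2.12", "198.51.100.9", 1026),
    build_unreach("192.0.2.10", "203.0.113.5", 53),      # matches a flow we sent
    build_unreach("203.0.113.9", "198.51.100.7", 1026),  # source is not ours
]
SENT = {("192.0.2.10", "203.0.113.5", 53)}
```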