pmelson at ...11827...
Thu Sep 15 10:06:07 EDT 2005
Yes, though what you describe is probably not p2p software and is more
likely Windows Messenger "spam" attempts.
Subject: Re: [Snort-users] postscan
Are they likely to fire decoy detection rules?
I infer a lot of decoyed traffic to 1026/UDP and 1027/UDP from the number of
ICMP Unreach messages I've been receiving in which the original datagram src
IP was forged (to one of my addresses).
More information about the Snort-users