[Snort-users] postscan

Paul Melson pmelson at ...11827...
Thu Sep 15 10:06:07 EDT 2005


Yes, though what you describe is probably not p2p software and is more
likely Windows Messenger "spam" attempts.

http://isc.sans.org/port_details.php?port=1026

PaulM

-----Original Message-----
Subject: Re: [Snort-users] postscan

Are they likely to fire decoy detection rules?

I infer a lot of decoyed traffic to 1026/UDP and 1027/UDP from the number of
ICMP Unreach messages I've been receiving in which the original datagram src
IP was forged (to one of my addresses).






More information about the Snort-users mailing list