[Snort-users] postscan

Paul Melson pmelson at ...11827...
Thu Sep 15 10:06:07 EDT 2005

Yes, though what you describe is probably not p2p software and is more
likely Windows Messenger "spam" attempts.



-----Original Message-----
Subject: Re: [Snort-users] postscan

Are they likely to fire decoy detection rules?

I infer a lot of decoyed traffic to 1026/UDP and 1027/UDP from the number of
ICMP Unreach messages I've been receiving in which the original datagram src
IP was forged (to one of my addresses).

More information about the Snort-users mailing list