Security Incidents mailing list archives
Re: XMAS scan
From: "Los, Ralph" <rlos () ENVESTNET COM>
Date: Wed, 14 Mar 2001 12:55:27 -0600
Missy, I got the same exact error off my firewall last night. I'm not sure what the source was, but I'll check it. Anyone else have comments?? Ralph M. Los Sr. Internet Systems & Security Admin. (312) 827-3945 (direct) EnvestNet Advisory Corp. (312) 296-9003 (wireless) rlos () envestnet com -----Original Message----- From: E, M [mailto:freehold () EROLS COM] Sent: Tuesday, March 13, 2001 11:26 AM To: INCIDENTS () SECURITYFOCUS COM Subject: XMAS scan Yesterday one of the babies announced that it had denied a 'probable' XMAS scan. Considering that the presumptive origin is a .mil/80 (to LAN/42932) and that XMAS theoretically doesn't work on NT because of the all-flags-set (so why bother except for an implied result).....I'm wondering if anyone has had any experience with this 'alert' being triggered by, say, a router with either a sense of humour or a hangover, instead of an nmap-happy curious george. :) TIA for any feedback/explanations -- Missy
Current thread:
- XMAS scan E, M (Mar 13)
- <Possible follow-ups>
- Re: XMAS scan Los, Ralph (Mar 14)