Re: Snort-users digest, Vol 1 #1338 - 12 msgs

["Joe Pampel" <joe () ardsley com>]

Thanks for the feedback Ryan.  I don't think it explains what I've got going on, but it's good to know all the same!
Still getting port 0 to port 0 attempts, probably 100-200 a day against random IP's on my LAN. Wierd stuff. 

Thanks,

Joe Pampel


> >   5. RE: Re: port 0 packets from bogon networks (Ryan Hill)
 
Message: 5
From: Ryan Hill <rhill () xypoint com>
To: 'Joe Pampel' <joe () ardsley com>
Cc: "Snort Mailing List (E-mail)" <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Re: port 0 packets from bogon networks
Date: Sun, 25 Nov 2001 20:04:03 -0800

Joe,

FYI - although I haven't been seeing these packets externally, false alarms
on an internal sensor here have been traced to Cisco's Local Director boxes
and their communication with a management station. Bad Cisco - no biscuit!

Regards,

Ryan Hill, MCSE 
IT Ninja
Corporate Information Systems
Telecommunication Systems, Inc. (TCS) - http://www.telecomsys.com 
v: 206.792.2276 - f: 206.792.2001
pgp: 0x17CE70AB




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users