Snort mailing list archives
Re: Port 2301
From: Matt Kettler <mkettler () EVI-INC COM>
Date: Wed, 30 Oct 2002 14:43:04 -0500
I often get these with my 1.8.x version of snort. If you look at the traffic you'll see it's usually an outside webserver feeding data to a local client on a random local port, which in this case happens to be 2301.
A version of the rule using flows would be less likely to false on this, as it would realize that the port 2301 on your local machine is actually a client, not a server.
At 03:53 AM 10/31/2002 -0500, Kevin Haslag wrote:
I am getting some Compaq nsight directory traversal alerts on my network(SID 1199). My port list says 2301 is used by Compaq Remote Diagnostic Management. We have no Compaq systems so does anyone know what might be using port 2301I run Snort v1.8.3 on Win2k Sp2
-------------------------------------------------------This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Port 2301 Kevin Haslag (Oct 30)
- Re: Port 2301 Matt Kettler (Oct 30)