Snort mailing list archives

Re: Port 2301


From: Matt Kettler <mkettler () EVI-INC COM>
Date: Wed, 30 Oct 2002 14:43:04 -0500

I often get these with my 1.8.x version of snort. If you look at the traffic you'll see it's usually an outside webserver feeding data to a local client on a random local port, which in this case happens to be 2301.

A version of the rule using flows would be less likely to false on this, as it would realize that the port 2301 on your local machine is actually a client, not a server.


At 03:53 AM 10/31/2002 -0500, Kevin Haslag wrote:

I am getting some Compaq nsight directory traversal alerts on my network (SID 1199). My port list says 2301 is used by Compaq Remote Diagnostic Management. We have no Compaq systems so does anyone know what might be using port 2301?



I run Snort v1.8.3 on Win2k Sp2
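Added example, not part of the original messages and not Snort's own code: a small Python model of the false positive described in the reply, comparing a stateless port-and-content match with one that also checks flow direction. The addresses, packets, and the simplified rule (destination port 2301 plus the string "../") are constructed assumptions and stand in for the real SID 1199 signature.

```python
HOME = "192.0.2.10"    # constructed local host with no Compaq software
WEB = "198.51.100.80"  # constructed outside web server

# Constructed packets: (src, sport, dst, dport, tcp_flags, payload).
# The local browser happens to pick 2301 as its ephemeral source port.
PACKETS = [
    (HOME, 2301, WEB, 80, "S", b""),
    (WEB, 80, HOME, 2301, "SA", b""),
    (HOME, 2301, WEB, 80, "A", b""),
    (HOME, 2301, WEB, 80, "PA", b"GET /docs/ HTTP/1.0\r\n\r\n"),
    (WEB, 80, HOME, 2301, "PA", b'<a href="../index.html">up</a>'),
]

def stateless_match(pkt):
    """Simplified stand-in rule: any packet to port 2301 containing '../'."""
    _, _, _, dport, _, payload = pkt
    return dport == 2301 and b"../" in payload

class FlowTracker:
    """Minimal tracker: the side that sends the bare SYN is the client."""
    def __init__(self):
        self.flows = {}  # endpoint pair -> {"client": (ip, port), "established": bool}

    def update(self, pkt):
        src, sport, dst, dport, flags, _ = pkt
        key = frozenset([(src, sport), (dst, dport)])
        flow = self.flows.get(key)
        if flags == "S" and flow is None:
            flow = self.flows[key] = {"client": (src, sport), "established": False}
        elif flow and flags == "A" and (src, sport) == flow["client"]:
            flow["established"] = True  # client's ACK completes the handshake
        return flow

def flow_match(pkt, flow):
    """Same content check, limited to established client-to-server packets."""
    if not flow or not flow["established"]:
        return False
    return (pkt[0], pkt[1]) == flow["client"] and stateless_match(pkt)

def run(packets):
    """Return (stateless_hits, flow_hits) as lists of packet indexes."""
    tracker, stateless, flowed = FlowTracker(), [], []
    for i, pkt in enumerate(packets):
        flow = tracker.update(pkt)
        if stateless_match(pkt):
            stateless.append(i)
        if flow_match(pkt, flow):
            flowed.append(i)
    return stateless, flowed
```

On the constructed trace the stateless check fires on the web server's response (packet 4), while the flow-aware check stays silent because port 2301 is the client side of that connection.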




