Snort mailing list archives
Re: HP 3000 and decode issues
From: Jeff Kell <jeff-kell () utc edu>
Date: Tue, 12 Nov 2002 19:49:44 -0500
"Andrew R. Baker" wrote:
Robby Desmond wrote:The (snort_decoder) fires off a lot of alerts on traffic coming from out of our HP3000 machine.
What model/vintage HP3000? What is it doing, network-wise? Current models have the usual telnet, mail, dns, FTP, web, etc traffic but older ones (or new ones with Distributed Terminal Controllers [DTCs]) may generate "interesting" traffic, like 802.3 framing and reserved AFCP protocol numbers (I forget the numbers at the moment). You can also expect HP multicasts (09-00-09-xx-xx-xx MAC addresses). Jeff (putting on 3000 SysAdmin hat) ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd522.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HP 3000 and decode issues Robby Desmond (Nov 12)
- Re: HP 3000 and decode issues Andrew R. Baker (Nov 12)
- Re: HP 3000 and decode issues Jeff Kell (Nov 12)
- Re: HP 3000 and decode issues Andrew R. Baker (Nov 12)