Snort mailing list archives
Re: Lots of outgoing portscans
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 22 Oct 2003 11:01:25 -0400
At 03:28 AM 10/22/2003, Richard Gaywood wrote:
The machine is a web and email server, and no web browsing happens off it, nor does it have a web cache. It does act as a DNS proxy for my network so perhaps that is the explanation, but all that port 7 activity looks rather dodgy to me. Anyone offer me a benign explanation before I have to take the server offline?
Do you run Vipul's razor on your mailserver as a spam fighting measure?Razor checks to see which razor servers are up by using a client connection to tcp/7 on the razor server. This is done instead of icmp pings to allow razor to run as a non-root user.
------------------------------------------------------- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Lots of outgoing portscans Richard Gaywood (Oct 22)
- Re: Lots of outgoing portscans Richard Gaywood (Oct 22)
- Re: Lots of outgoing portscans Matt Kettler (Oct 22)