Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Lots of outgoing portscans

From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 22 Oct 2003 11:01:25 -0400
At 03:28 AM 10/22/2003, Richard Gaywood wrote:

The machine is a web and email server, and no web browsing happens off
it, nor does it have a web cache. It does act as a DNS proxy for my
network so perhaps that is the explanation, but all that port 7 activity
looks rather dodgy to me. Anyone offer me a benign explanation before I
have to take the server offline?


Do you run Vipul's razor on your mailserver as a spam fighting measure?
Razor checks to see which razor servers are up by using a client connection to tcp/7 on the razor server. This is done instead of icmp pings to allow razor to run as a non-root user. 



-------------------------------------------------------
This SF.net email is sponsored by OSDN developer relations
Here's your chance to show off your extensive product knowledge
We want to know what you know. Tell us and you have a chance to win $100
http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: