Security Incidents mailing list archives
Re: Snort blah11 signature
From: phonix () MOOCOW ORG (Phonix)
Date: Thu, 6 Jul 2000 08:32:06 -0400
06/30-14:05:30.263961 172.16.1.17:1042 -> 172.16.4.235:1438 TCP TTL:126 TOS:0x0 ID:19422 DF **S***A* Seq: 0x2C787B4F Ack: 0x2C31B Win: 0x2238 TCP Options => MSS: 1460
This is normal exchange traffic. Exchange uses NT's portmapper to grab a connection on a couple of high ports, so 1042 and 1438 are in the range one would expect to see from the rpc servers. Nothing to worry about. .phonix.
Current thread:
- Snort blah11 signature Owen Creger (Jul 05)
- Re: Snort blah11 signature Cedric Puddy (Jul 06)
- Re: Snort blah11 signature Phonix (Jul 06)