Security Incidents mailing list archives

Re: Snort blah11 signature

From: phonix () MOOCOW ORG (Phonix)
Date: Thu, 6 Jul 2000 08:32:06 -0400

06/30-14:05:30.263961 172.16.1.17:1042 -> 172.16.4.235:1438
TCP TTL:126 TOS:0x0 ID:19422 DF
**S***A* Seq: 0x2C787B4F Ack: 0x2C31B Win: 0x2238
TCP Options => MSS: 1460


This is normal exchange traffic.  Exchange uses NT's portmapper to grab a
connection on a couple of high ports, so 1042 and 1438 are in the range
one would expect to see from the rpc servers.  Nothing to worry about.

.phonix.

Current thread:

Snort blah11 signature Owen Creger (Jul 05)
- Re: Snort blah11 signature Cedric Puddy (Jul 06)
- Re: Snort blah11 signature Phonix (Jul 06)