Security Incidents mailing list archives

Re: XMAS scan


From: "Los, Ralph" <rlos () ENVESTNET COM>
Date: Wed, 14 Mar 2001 12:55:27 -0600

Missy,

        I got the same exact error off my firewall last night.  I'm not sure
what the source was, but I'll check it.  Anyone else have comments??

Ralph M. Los
Sr. Internet Systems & Security Admin.    (312) 827-3945 (direct)
EnvestNet Advisory Corp.                  (312) 296-9003 (wireless)
rlos () envestnet com


-----Original Message-----
From: E, M [mailto:freehold () EROLS COM]
Sent: Tuesday, March 13, 2001 11:26 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: XMAS scan


Yesterday one of the babies announced that it had denied a 'probable'
XMAS scan.  Considering that the presumptive origin is a .mil/80 (to
LAN/42932) and that XMAS theoretically doesn't work on NT because of the
all-flags-set (so why bother except for an implied result).....I'm
wondering if anyone has had any experience with this 'alert' being
triggered by, say, a router with either a sense of humour or a hangover,
instead of an nmap-happy curious george.  :)

TIA for any feedback/explanations --

Missy

