Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Does ECN trigger alarms?

From: Joe Barr <warthawg () blackhat net>
Date: Tue, 22 May 2001 12:30:33 -0500


I've been getting:

<snip>

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
May 22 11:03:04 pooh snort: spp_portscan: PORTSCAN DETECTED from 199.183.24.194 (STEALTH)
May 22 11:03:08 pooh snort: spp_portscan: portscan status from 199.183.24.194: 1 connections across 1 hosts: TCP(1), 
UDP(0) STEALTH


</snip>

That is the IP address of the linux-kernel mailing list
server, and they recently turned ECN on.  Is anyone else
seeing this?

See ya,
Joe Barr


-- 

#--------------------------------------------------#
| Joe Barr                   warthawg () blackhat net |
| Longears and Linux........... nowhere but Texas! |
#--------------------------------------------------#

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: