Snort mailing list archives

snoop output contradicts with snort database


From: Gongya Yu <yu () gongya net>
Date: Sat, 09 Feb 2002 14:14:43 -0800

Hi, all:

    I have a win2k box that was compromised. After I boot up that box, I use snoop and find that it sends lots of packets to remote machines on port 80 from random local ports. I set up a Snort box that plugs in to an Oracle database. When I query the tcphdr table, I find that tcp_sport contains port 80, while tcp_dport contains random ports.

Any suggestions?

Gongya Yu
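The two observations are not necessarily in conflict: snoop on the host shows the packets it sends (random source port, destination 80), while the tcphdr rows may be the replies from the web servers (source 80, random destination port), which only make sense once each row is joined back to iphdr and classified by direction relative to the host. The following is an added example, not code from the original post or from the Snort project. It assumes a minimal subset of Snort's database schema (the iphdr and tcphdr tables keyed by sid/cid, with ip_src/ip_dst stored as unsigned 32-bit integers) loaded into an in-memory SQLite database with constructed packets; the host address 192.0.2.10 and the remote addresses are made-up documentation-range values. It shows the direction breakdown the poster needs and, going a step beyond the post, flags reply packets for which no matching outbound packet was logged.

```python
import sqlite3
import socket
import struct

# Minimal subset of Snort's database schema (assumed column names follow
# Snort's iphdr/tcphdr tables; the real schema carries many more columns).
SCHEMA = """
CREATE TABLE iphdr  (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER, ip_proto INTEGER);
CREATE TABLE tcphdr (sid INTEGER, cid INTEGER, tcp_sport INTEGER, tcp_dport INTEGER, tcp_flags INTEGER);
"""

HOST = "192.0.2.10"  # constructed: the compromised box

# Constructed sample packets: (cid, src, dst, sport, dport, tcp_flags).
SAMPLE = [
    (1, "192.0.2.10",   "198.51.100.5", 33001, 80,    0x02),  # outbound SYN
    (2, "198.51.100.5", "192.0.2.10",   80,    33001, 0x12),  # reply SYN/ACK
    (3, "192.0.2.10",   "198.51.100.7", 33002, 80,    0x02),  # outbound SYN
    (4, "198.51.100.7", "192.0.2.10",   80,    33002, 0x12),  # reply SYN/ACK
    (5, "198.51.100.9", "192.0.2.10",   80,    33003, 0x12),  # reply with no logged request
]


def ip_to_int(dotted):
    """Dotted quad -> unsigned 32-bit integer, as Snort stores ip_src/ip_dst."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def int_to_ip(n):
    """Inverse of ip_to_int, for readable output."""
    return socket.inet_ntoa(struct.pack("!I", n))


def load_sample():
    """Create the in-memory database and insert the constructed packets (sid = 1)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for cid, src, dst, sport, dport, flags in SAMPLE:
        conn.execute("INSERT INTO iphdr VALUES (1, ?, ?, ?, 6)",
                     (cid, ip_to_int(src), ip_to_int(dst)))
        conn.execute("INSERT INTO tcphdr VALUES (1, ?, ?, ?, ?)",
                     (cid, sport, dport, flags))
    return conn


# Classify each logged packet as outbound or inbound relative to the host and
# report the port on the remote side, so sport=80 rows resolve to "inbound, 80".
DIRECTION_SQL = """
SELECT CASE WHEN i.ip_src = :host THEN 'outbound' ELSE 'inbound' END AS direction,
       CASE WHEN i.ip_src = :host THEN t.tcp_dport ELSE t.tcp_sport END AS remote_port,
       COUNT(*) AS packets
FROM iphdr i JOIN tcphdr t ON i.sid = t.sid AND i.cid = t.cid
WHERE i.ip_src = :host OR i.ip_dst = :host
GROUP BY direction, remote_port
ORDER BY direction, remote_port
"""

# Inbound packets whose mirror-image outbound packet (swapped addresses and
# ports) never appears in the log: replies the sensor saw without the request.
UNMATCHED_SQL = """
SELECT i.ip_src, t.tcp_sport, t.tcp_dport
FROM iphdr i JOIN tcphdr t ON i.sid = t.sid AND i.cid = t.cid
WHERE i.ip_dst = :host
  AND NOT EXISTS (
      SELECT 1
      FROM iphdr i2 JOIN tcphdr t2 ON i2.sid = t2.sid AND i2.cid = t2.cid
      WHERE i2.ip_src = :host AND i2.ip_dst = i.ip_src
        AND t2.tcp_sport = t.tcp_dport AND t2.tcp_dport = t.tcp_sport)
ORDER BY t.tcp_dport
"""


def direction_summary(conn, host):
    """Return [(direction, remote_port, packet_count), ...] for the host."""
    return conn.execute(DIRECTION_SQL, {"host": ip_to_int(host)}).fetchall()


def unmatched_replies(conn, host):
    """Return [(remote_ip, remote_port, local_port), ...] for replies with no logged request."""
    rows = conn.execute(UNMATCHED_SQL, {"host": ip_to_int(host)}).fetchall()
    return [(int_to_ip(src), sport, dport) for src, sport, dport in rows]


if __name__ == "__main__":
    db = load_sample()
    for row in direction_summary(db, HOST):
        print("%-9s remote port %5d: %d packet(s)" % row)
    for remote, rport, lport in unmatched_replies(db, HOST):
        print("reply from %s:%d to local port %d has no logged request" % (remote, rport, lport))
```

Against a real Snort database the same two queries run unchanged apart from the parameter syntax of the driver, since they touch only the iphdr/tcphdr columns named above; if every row comes back "inbound, 80", the sensor is logging the servers' responses rather than the host's own requests, which is what a snoop trace taken on the host itself will never show.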
