Snort mailing list archives
bad traffic tcp port 0 traffic
From: John McCain <jmccain () layer3al com>
Date: 28 Oct 2002 14:11:00 -0600
I've seen several scans, from several different addresses and targeting different ports, which are originating from TCP port 0, thus tripping the "bad traffic tcp port 0" rule. Does anyone know what this traffic is? Why would you want to launch a scan from tcp port 0?

begin sanitized log snip
10/14-02:37:47.357584 ,BAD TRAFFIC tcp port 0 traffic,TCP,66.250.114.252,0,(target ip),1080,0:8:E2:84:90:A,0:D0:B7:47:81:67,0x3C,******S*,0x15BEF,0x0,20,0x200,111,0,1828,40,20,,,,
/snip

Thanks.
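One way to triage alerts like the one above, as an added example that is not part of the original post: it parses lines in the CSV layout shown in the log snip and groups TCP alerts with source port 0 by source address, so hits from different addresses can be compared. The column names are an assumption inferred from the 24 fields of the posted line, and the second and third sample lines are constructed.

```python
import csv
from collections import defaultdict

# Assumed column names, inferred from the 24 fields of the posted alert line.
FIELDS = ("timestamp msg proto src srcport dst dstport ethsrc ethdst ethlen "
          "tcpflags tcpseq tcpack tcplen tcpwindow ttl tos id dgmlen iplen "
          "icmptype icmpcode icmpid icmpseq").split()

# Line 1 is the alert from the post; lines 2 and 3 are constructed sample data.
SAMPLE = """\
10/14-02:37:47.357584 ,BAD TRAFFIC tcp port 0 traffic,TCP,66.250.114.252,0,(target ip),1080,0:8:E2:84:90:A,0:D0:B7:47:81:67,0x3C,******S*,0x15BEF,0x0,20,0x200,111,0,1828,40,20,,,,
10/14-02:37:49.100000 ,BAD TRAFFIC tcp port 0 traffic,TCP,66.250.114.252,0,(target ip),8080,0:8:E2:84:90:A,0:D0:B7:47:81:67,0x3C,******S*,0x15BF0,0x0,20,0x200,111,0,1829,40,20,,,,
10/14-02:40:00.000000 ,constructed alert,TCP,192.0.2.7,40112,(target ip),80,0:8:E2:84:90:A,0:D0:B7:47:81:67,0x4A,***AP***,0x1,0x2,20,0x4000,64,0,7,60,20,,,,
"""

def num(value):
    """Some columns are written in hex (0x...), others in decimal."""
    value = value.strip()
    return int(value, 16) if value.lower().startswith("0x") else int(value)

def parse_alerts(text):
    """Return one dict per well-formed alert line; malformed lines are skipped."""
    rows = csv.reader(text.splitlines())
    return [dict(zip(FIELDS, (c.strip() for c in r)))
            for r in rows if len(r) == len(FIELDS)]

def port_zero_summary(alerts):
    """Group TCP alerts whose source port is 0 by source address."""
    out = defaultdict(lambda: {"dports": set(), "fingerprints": set()})
    for a in alerts:
        if a["proto"] != "TCP" or num(a["srcport"]) != 0:
            continue
        entry = out[a["src"]]
        entry["dports"].add(num(a["dstport"]))
        # Flags, window, TTL and datagram length: identical tuples across
        # sources suggest the same tool. dgmlen 40 = bare IP + TCP headers.
        entry["fingerprints"].add((a["tcpflags"], num(a["tcpwindow"]),
                                   num(a["ttl"]), num(a["dgmlen"])))
    return dict(out)

if __name__ == "__main__":
    for src, s in port_zero_summary(parse_alerts(SAMPLE)).items():
        print(src, sorted(s["dports"]), sorted(s["fingerprints"]))
```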
Current thread:
- bad traffic tcp port 0 traffic John McCain (Oct 28)
- <Possible follow-ups>
- RE: bad traffic tcp port 0 traffic Miller, Eoin (Oct 28)
- RE: bad traffic tcp port 0 traffic John York (Oct 28)