Snort mailing list archives

Previous By Date Next
Previous By Thread Next

bad traffic tcp port 0 traffic

From: John McCain <jmccain () layer3al com>
Date: 28 Oct 2002 14:11:00 -0600
I've seen several scans, from several different addresses and targeting
different ports, which are originating from TCP port 0, thus tripping
the "bad traffic tcp port 0" rule.  Does anyone know what this traffic
is?  Why would you want to launch a scan from tcp port 0?

begin sanitized log snip

10/14-02:37:47.357584 ,BAD TRAFFIC tcp port 0
traffic,TCP,66.250.114.252,0,(target
ip),1080,0:8:E2:84:90:A,0:D0:B7:47:81:67,0x3C,******S*,0x15BEF,0x0,20,0x200,111,0,1828,40,20,,,,

/snip


Thanks.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: