Snort mailing list archives
RE: BAD TRAFFIC data in TCP SYN packet
From: "Coyle, Brian" <Brian.Coyle () disney com>
Date: Tue, 25 Feb 2003 13:12:08 -0500
I've been getting a lot of alerts on this the last few days. There are several source IP addresses, but they are all owned by either Nintendo of America or an ISP in NC. They are always directed at my public DNS server's port 53.
Might be a Foundry 3DNS load balancer. see (esp. section 6 'Correlations'): http://cert.uni-stuttgart.de/archive/intrusions/2002/09/msg00123.html -- Brian Coyle, GCIA ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- BAD TRAFFIC data in TCP SYN packet John York (Feb 25)
- <Possible follow-ups>
- RE: BAD TRAFFIC data in TCP SYN packet Keith Pachulski (Feb 25)
- Re: BAD TRAFFIC data in TCP SYN packet Phil Wood (Feb 25)
- Re: BAD TRAFFIC data in TCP SYN packet Brian (Feb 26)
- BAD TRAFFIC data in TCP SYN packet Ron Shuck (Feb 25)
- RE: BAD TRAFFIC data in TCP SYN packet Coyle, Brian (Feb 25)
- RE: BAD TRAFFIC data in TCP SYN packet John York (Feb 25)
- RE: BAD TRAFFIC data in TCP SYN packet John York (Feb 25)