Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: BAD TRAFFIC data in TCP SYN packet

From: "Coyle, Brian" <Brian.Coyle () disney com>
Date: Tue, 25 Feb 2003 13:12:08 -0500
I've been getting a lot of alerts on this the last few days.  There 
are several source IP addresses, but they are all owned by either 
Nintendo of America or an ISP in NC.  They are always directed at my 
public DNS server's port 53.


Might be a Foundry 3DNS load balancer.   see (esp. section 6 'Correlations'):

http://cert.uni-stuttgart.de/archive/intrusions/2002/09/msg00123.html



                                    -- Brian Coyle, GCIA



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: