Snort mailing list archives

Nmap

From: Gerson Sampaio <rootbit () yahoo com>
Date: Fri, 14 Nov 2003 05:19:36 -0800 (PST)

Hi List,
i received this alert and i'd like to know why the
source is using port 80. Is this forged ?

11/13-17:26:42.075512 [**] [1:628:2] SCAN nmap TCP
[**] [Classification: Attempted Information Leak]
[Priority: 2] {TCP} x.x.x.x:80 -> y.y.y.y:53

TIA
Gerson Sampaio

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree


-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Nmap Gerson Sampaio (Nov 14)
- Re: Nmap Matt Kettler (Nov 14)
  - Re: Nmap Mark Fagan (Nov 15)
    - Re: Nmap Matt Kettler (Nov 18)
    - Re: Nmap Mark Fagan (Nov 19)
    - Re: Nmap Matt Kettler (Nov 19)
- <Possible follow-ups>
- RE: Nmap Esler, Joel - Contractor (Nov 17)
- RE: Nmap MH (Nov 17)
- RE: Nmap bmcdowell (Nov 19)
  - Message not available
    - RE: Nmap Matt Kettler (Nov 19)
- RE: Nmap Marc Quibell (Nov 20)