Snort mailing list archives

(no subject)


From: "Michael Shirk" <shirkdog_linux () hotmail com>
Date: Mon, 07 Jun 2004 13:42:05 -0400

I see the same type of activity. As long as it's external, it is a false positive. Just make sure you have firewall rules blocking this traffic and you should be good.

Mike
http://www.shirkdog.us


To: jussx0 () yahoo it, snort-users () lists sourceforge net
Subject: RE: [Snort-users] Typot  BACKDOOR
Reply-To: dwad24 () excite com
From: "David" <dwad24 () excite com>
Date: Sat, 29 May 2004 00:18:31 -0400 (EDT)


Hey Jussx,



Probably just a false positive. This rule is triggered when a SYN packet with window size 55808 is detected. This traffic can occur naturally from time to time. Have you looked at the payload to see if it looks like normal eMule traffic?


Dave
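
The condition David describes (a SYN packet with window size 55808) depends only on TCP header fields, which is why unrelated traffic can trip it. The sketch below is an added example, not part of the thread and not Snort's own code; reading "SYN packet" as SYN set with ACK clear is an assumption, and the addresses, ports and packets are constructed for the demo.

```python
import struct

TYPOT_WINDOW = 55808  # window size named in the thread


def build_packet(flags, window, payload=b""):
    """Constructed IPv4+TCP packet (checksums left at zero) used as sample input."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 4662, 1, 0, 5 << 4, flags, window, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    return ip + tcp + payload


def parse_tcp(packet):
    """Return (flags, window) for an IPv4/TCP packet, or None if it cannot be parsed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None                        # not TCP, or truncated
    flags = packet[ihl + 13]               # TCP flags byte
    window = struct.unpack_from("!H", packet, ihl + 14)[0]
    return flags, window


def matches_window_rule(packet):
    """True when the header alone satisfies the described condition."""
    parsed = parse_tcp(packet)
    if parsed is None:
        return False
    flags, window = parsed
    syn_only = (flags & 0x12) == 0x02      # assumption: SYN set, ACK clear
    return syn_only and window == TYPOT_WINDOW


if __name__ == "__main__":
    samples = {
        "SYN, window 55808": build_packet(0x02, 55808),
        "SYN, window 55808, with payload": build_packet(0x02, 55808, b"constructed"),
        "SYN, window 65535": build_packet(0x02, 65535),
        "SYN/ACK, window 55808": build_packet(0x12, 55808),
    }
    for name, pkt in samples.items():
        print(f"{name}: {matches_window_rule(pkt)}")
```

The payload never enters the decision, so checking it by hand, as David suggests, is what separates a coincidental window value from something worth investigating.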





