Snort mailing list archives
SCAN myscan (ID# 613)
From: "Ron Jenkins" <rjenkins () dibr net>
Date: Wed, 12 Jan 2005 07:49:12 -0600
I see this alert once a day from a Cisco Pix to the same Windows server. Does anyone have an idea why this may be getting triggered? Thanks... IP Header Source IP: ???.???.???.??? Destination IP: ???.???.???.??? Protocol: TCP Time To Live: 255 Checksum: 54513 TCP Header Source Port: 10101 Destination Port: 4005 Sequence Number: 383247798 Ack Number: 0 Window: 4096 Offset: 6 Checksum: 16047 Flags: URG: 0 ACK: 0 PSH: 0 RST: 0 SYN: 0 FIN: 0 Flags Description: NULL Packet (reserved bit 2 active) Ron Jenkins (MCNE, CNE6, MCP, CCNA, CCEA) Senior Architect Data Integrity, LLC "We Integrate People with Solutions" 1724 Dallas Drive Suite 11 Baton Rouge, La 70806 Office. 225.927.8030 Fax. 225.927.8033 Cell225.931.1632 Email. rjenkins () dibr net Web. www.dibr.net
Current thread:
- SCAN myscan (ID# 613) Ron Jenkins (Jan 12)
- RE: SCAN myscan (ID# 613) Ted Rohling (Jan 12)