Snort mailing list archives

SCAN myscan (ID# 613)

From: "Ron Jenkins" <rjenkins () dibr net>
Date: Wed, 12 Jan 2005 07:49:12 -0600

I see this alert once a day from a Cisco Pix to the same Windows server.
Does anyone have an idea why this may be getting triggered?

 

Thanks...

 

IP Header

 

 

Source IP:

???.???.???.???

 

Destination IP:

???.???.???.???

 

Protocol:

TCP

 

Time To Live:

255

 

Checksum:

54513

 

 

 

 

TCP Header

 

 

Source Port:

10101

 

Destination Port:

4005

 

Sequence Number:

383247798

 

Ack Number:

0

 

Window:

4096

 

Offset:

6

 

Checksum:

16047

 

Flags:

URG: 0 ACK: 0 PSH: 0 RST: 0 SYN: 0 FIN: 0

 

Flags Description:

NULL Packet (reserved bit 2 active)

 

 

 

Ron Jenkins (MCNE, CNE6, MCP, CCNA, CCEA) 
Senior Architect 
Data Integrity, LLC 
"We Integrate People with Solutions" 
1724 Dallas Drive 
Suite 11 
Baton Rouge, La 70806 
Office. 225.927.8030 
Fax. 225.927.8033 
Cell225.931.1632 
Email. rjenkins () dibr net 
Web. www.dibr.net

Current thread:

SCAN myscan (ID# 613) Ron Jenkins (Jan 12)
- RE: SCAN myscan (ID# 613) Ted Rohling (Jan 12)