Re: possible causes of source and destination ip from external network

From: Jose Nazario (jose_at_monkey.org)
Date: 06/23/04

Next message: Barry Fitzgerald: "Re: Anomaly Based Network IDS"

Previous message: Adam Powers: "Re: Anomaly Based Network IDS"
In reply to: Adam Powers: "Re: possible causes of source and destination ip from external network"
Next in thread: Tony Rall: "Re: possible causes of source and destination ip from external network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 23 Jun 2004 13:40:16 -0400 (EDT)
To: focus-ids@securityfocus.com

actually, another question to ask is "is this a few isolated packets, a
flood of packets in one direction, or were connections initiated?" if you
can answer this you may be able to get insight into what's going on.

________
jose nazario, ph.d. jose@monkey.org
http://monkey.org/~jose/ http://infosecdaily.net/

---------------------------------------------------------------------------

Next message: Barry Fitzgerald: "Re: Anomaly Based Network IDS"

Previous message: Adam Powers: "Re: Anomaly Based Network IDS"
In reply to: Adam Powers: "Re: possible causes of source and destination ip from external network"
Next in thread: Tony Rall: "Re: possible causes of source and destination ip from external network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]