Re: Port 0 packets
From: Andreas Östling (andreaso_at_it.su.se)
Date: 07/25/03
Date: Fri, 25 Jul 2003 20:18:38 +0200 (CEST)
To: Dave Paris <dparis@w3works.com>

On Thu, 24 Jul 2003, Dave Paris wrote:
> Our IDS spotted another TCP port 0 packet at 19:59pm UTC today
> (Thursday). Headers follow:
>
> [**] (snort_decoder): T/TCP Detected [**]
> 07/24-19:59:51.308749 216.136.173.246:0 -> xxx.xxx.xxx.xxx:0
In case you don't know, snort has a bug (or had - I don't know if it has
been fixed now) that would make alerts generated by the snort decoder
always have the ports set to 0, since those values weren't yet assigned
at that stage.
See http://marc.theaimsgroup.com/?l=snort-devel&m=105698697005259&w=2
/Andreas