Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] bad traffic in syn packet

from [John Hally] Network Security [Permanent Link]
Subject: [Snort-sigs] bad traffic in syn packet
Date: Tue, 6 Sep 2005 09:10:45 -0400 
Hello All,

 

Need a quick sanity check here.  I'm seeing alerts for traffic in syn
packets, and all are destined for TCP/53.  Is it possible that data is being
piggy-backed in the syn packet on purpose and the traffic is benign?  I
don't see any other anomalies to or from these hosts, but wanted to make
sure that I'm not overlooking something obvious.

 

Thanks in advance!

 

John.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Snort-sigs] bad traffic in syn packet, John Hally <=
Previous by Date:  [Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Next by Date:  Re: [Snort-sigs] False Positive - WEB-PHP modules.php access, BassPlayer
Previous by Thread:  [Snort-sigs] I need a Windows Config file for Snort, DasPadre
Next by Thread:  [Snort-sigs] False Positive - BLEEDING-EDGE Potential MySQL bot connecting to IRC server, Chich Thierry
Indexes:  [Date] [Thread] [Top] [All Lists]