Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Snort-users] TCP Portsweep and TCP Portscan

from [Alex Butcher, ISC/ISYS] Network Security [Permanent Link]
Subject: RE: [Snort-users] TCP Portsweep and TCP Portscan
Date: Fri, 28 Jan 2005 13:53:28 +0000


--On 16 December 2004 08:34 -0800 Bob Konigsberg <bobkberg@networkeval.com> wrote:

TCP Portsweep is probably a reference to the nmap security scanner or
similar tool.

If I were in your position, I'd track down the owner/user of the machine
in question and find out what he or she is doing and why.  A conversation
like that is bound to be illuminating on many fronts.

I've also observed P2P traffic set off those alerts (not surprising, given the similar patterns).

The Snort manual explains exactly what the sfportscan preprocessor is looking for.

Bob 

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: [Snort-users] TCP Portsweep and TCP Portscan, Alex Butcher, ISC/ISYS <=
Previous by Date:  [Snort-users] IDS Policy Manager 1.5.1 Released, Jeff Dell
Next by Date:  [Snort-users] corrupt table problem with snort, mysql, acid and ssh setup, VAUGHAN MOSELEY
Previous by Thread:  [Snort-users] IDS Policy Manager 1.5.1 Released, Jeff Dell
Next by Thread:  [Snort-users] corrupt table problem with snort, mysql, acid and ssh setup, VAUGHAN MOSELEY
Indexes:  [Date] [Thread] [Top] [All Lists]