Network Security: Detailed info on Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Snort-Users

[Top] [All Lists]

Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x

from [Paul Melson] Network Security

[Permanent Link]

Subject:	Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x
Date:	Mon, 25 Feb 2008 12:55:42 -0500

It's odd for a couple reasons.  First, why is 169.254 traffic even getting

routed to our

external firewall.  This is probably something I need to discuss with our

network admin.  That

just seems weird to me.  Second, if I am reading the alert correctly, it

looks like the

computer is scanning itself for NetBIOS and SMB ports.  I was just

wondering if anyone else

has seen anything like this.


Yes, the cause in my case was the roll-out of ActiveSync 4.x.

PaulM


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] Strange portscan traffic with dest of 169.254.x.x, Aaron Giuoco Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x, Paul Melson <= Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x, CunningPike Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x, Aaron Giuoco Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x, dhottinger Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x, Joel Esler Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x, Aaron Giuoco

Previous by Date:	[Snort-users] Strange portscan traffic with dest of 169.254.x.x, Aaron Giuoco
Next by Date:	Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x, CunningPike
Previous by Thread:	[Snort-users] Strange portscan traffic with dest of 169.254.x.x, Aaron Giuoco
Next by Thread:	Re: [Snort-users] Strange portscan traffic with dest of 169.254.x.x, CunningPike
Indexes:	[Date] [Thread] [Top] [All Lists]