I do IDS/Security for a university. We have a class B address space, and a firewall on the internet pipe. I've just placed a Snort sensor outside the firewall (we already have an IDS on the internal side of the firewall and have seen some odd things).

Can anyone explain what the following scan was trying to do? I don't understand the from port 0 -> port 0 stuff, or indeed the payload. I'd think it was a mis-configured bit of kit, but that netblock is in Brazil...

All times are British Summer Time (UST + 1). Snort logs attached.

Arthur
This archive was generated by hypermail 2b30 : Wed May 02 2001 - 09:10:15 PDT