bizzare NULL scan

From: Not Really (messiaenat_private)
Date: Wed May 02 2001 - 04:36:21 PDT

  • Next message: Meritt James: "What "methods" are being used"

    I do IDS/Security for a university. We have a class B address space, and
    a firewall on the internet
    pipe.
    
    I've just placed a Snort sensor outside the firewall (we already have a
    IDS on the internal side of
    the firewall and seen some odd things).
    
    Can anyone explain what the following scan was trying to do? I don't understand
    the from port 0 ->
    port 0 stuff, or indeed the payload.  I'd think it was a mis-configured
    bit of kit, but that netblock
    is in Brazil....
    
    All times are British Summer Time (UST +  1).  Snort logs attached.
    
    Arthur
    
    
    
    Free, encrypted, secure Web-based email at www.hushmail.com
    
    

    IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally secure email address at http://www.hushmail.com.



    This archive was generated by hypermail 2b30 : Wed May 02 2001 - 09:10:15 PDT