Subject: IDS: Source port of Samba Scans?
From: Daniel Swan (swan_danielmy-deja.com)
Date: Fri Mar 10 2000 - 12:13:34 CST


Looking at my logs, I see a lot of Samba scans... I think it's a fair assumption that Legion is being used in most cases.  (If this is not a fair assumption, please let me know!).

Sometimes the source port is something random, above 1024, which I assume is just a dynamically allocated port... but in other cases, it is 137.

So how do we account for the two different cases here... is it different tools, different OS's... or what?
