Subject: Re: Strange Trace_Route
From: George Milliken (gmillikenfarm9.com)
Date: Thu Aug 17 2000 - 11:00:54 CDT


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

Pete,

Some of our busier web sites generate false positives on traceroute on
port 25 and 80. They are seemingly outbound traceroutes.

We use BIG IP from f5 Networks and we think it is part of the false
positive generation.

Regards,

George Milliken

---------------------------------
farm9, Inc.

Online Intrusion Prevention 24x7
http://www.farm9.com
---------------------------------

Pete Middleton wrote:
>
> All,
>
> I received this alert caused by our SMTP server. It appears to be a mail,
> but I don't understand why it has been picked up as a trace route. Can
> anyone offer any suggestions?
>
> 'Trace_Route' event detected by the RealSecure engine at 'our server'.
> Details:
> Source Address: xxx.xxx.xxx.xxx
> Source Port: E-mail (25)
> Source MAC Address: mm:mm:mm:mm:mm:mm
> Destination Address: yyy.yyy.yyy.yyy
> Destination Port: 48078
> Destination MAC Address: mm:mm:mm:mm:mm:mm
> Time: Wednesday, August 16, 2000 12:46:24
> Protocol: TCP (6)
> Priority: medium
> Actions mask: 0x204
>
> Regards,
>
> Pete
