|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Cisco Netranger and TCP High port scans
From: Mark Teicher (mark.teicher
NETWORKICE.COM)Date: Mon Oct 02 2000 - 15:19:35 CDT
- Next message: MTNL System Administrator: "Firewall Detection"
- Previous message: Phil Walenta: "Cisco Netranger and TCP High port scans"
- Next in thread: Dane Balia: "Re: Cisco Netranger and TCP High port scans"
- Maybe reply: Mark Teicher: "Re: Cisco Netranger and TCP High port scans"
- Reply: Dane Balia: "Re: Cisco Netranger and TCP High port scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Just run targa2-static against it with a n threshold of 1,000,000 and how
it reacts.. :)
/mark
At 01:45 PM 10/2/00 -0500, Phil Walenta wrote:
>My company jsut recently purchased a Cisco IDS system (Netranger). I've
>been running for about a month now and I'm curious if anyone else has gotten
>a large number of falsely generated TCP high ports scans?
>
>Based on the recordings of the sessions, it looks like these are generated
>by cookies causing browsers to auto-refresh ads or something akin to this.
>I'm just looking for anyone experienced with IDS systems that may have seen
>similar things crop up in other IDS systems.
- Next message: MTNL System Administrator: "Firewall Detection"
- Previous message: Phil Walenta: "Cisco Netranger and TCP High port scans"
- Next in thread: Dane Balia: "Re: Cisco Netranger and TCP High port scans"
- Maybe reply: Mark Teicher: "Re: Cisco Netranger and TCP High port scans"
- Reply: Dane Balia: "Re: Cisco Netranger and TCP High port scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]