On Tue, Mar 13, 2001 at 07:00:36PM +0100, Ookhoi wrote:
> Hi!
>
> Our ISP blocked our webserver for a while because (a) Company mailed
> that they were portscanned by us according to their hereby included
> snort log.
>

There's such thing as 'decoy hosts' in nmap. :) Making your site appearing to
do portscanning of that company would be trivial for any script kiddie. (if
this counds as an argument).

Another option could be that you should review those guys snort configuration.
They may just have tuned their portscan detector to scream even if a single
packet to certain host pops up.

hope it helps.
-F

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]