Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Fyodor (fygravetigerteam.net)
Date: Thu Mar 15 2001 - 14:25:36 CST
On Tue, Mar 13, 2001 at 07:00:36PM +0100, Ookhoi wrote:
> Our ISP blocked our webserver for a while because (a) Company mailed
> that they were portscanned by us according to their hereby included
> snort log.
There's such thing as 'decoy hosts' in nmap. :) Making your site appearing to
do portscanning of that company would be trivial for any script kiddie. (if
this counds as an argument).
Another option could be that you should review those guys snort configuration.
They may just have tuned their portscan detector to scream even if a single
packet to certain host pops up.
hope it helps.
Snort-users mailing list
Go to this URL to change user options or unsubscribe: