'Re: [Dragonidsuser] TCP-Sweep question'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dragonidsuser
Subject:    Re: [Dragonidsuser] TCP-Sweep question
From:       Sean Macleod <seanmac1904 () gmail ! com>
Date:       2004-12-17 1:50:51
Message-ID: bfdac80d0412161750771ed639 () mail ! gmail ! com
[Download RAW message or body]

Hi Ben,

This sounds like PSVERBOSE being in the dragon.net of the sensor
or it may be the PORTSCANS option

have a look in the Network Sensors User Guide and see if this sound like it 

cheers

Sean

On Thu, 16 Dec 2004 10:35:15 -0500, Tolen, Benjamin
<Benjamin.Tolen@usi.net> wrote:
> I am seeing something new on a recent TCP-SWEEP alert in dragon.  Instead of the \
> destination of 0.0.0.0 in the TCP-SWEEP it includes an IP address. 
> 03:05:26  [T]  xxx.xxx.0.140    xxx.xxx.2.34     [TCP-SWEEP] \
> (total=44,port=22,min=xxx.xxx.130.68,max=xxx.xxx.143.205,Dec16-03:00:03,Dec16-03:00:45) \
> (sensorname) 
> Any ideas on why this showing up like this?
> 
> Ben Tolen
> Security Engineer
> benjamin.tolen@usi.net
> 
> _______________________________________________
> Dragonidsuser mailing list
> 
> For help please follow the below instructions.
> You can make subsciption adjustments via email by sending a message to:
> 
> Dragonidsuser-request@enterasys.com
> 
> with the word `help' in the subject or body (don't include the quotes), and you \
> will get back a message with instructions. 
> You must know your password to change your options (including changing the \
> password, itself) or to unsubscribe. If you forget your password, don't worry, you \
> will receive a monthly reminder telling you what all your enterasys.com mailing \
> list passwords are, and how to unsubscribe or change your options. 
_______________________________________________
Dragonidsuser mailing list

For help please follow the below instructions.
You can make subsciption adjustments via email by sending a message to:

  Dragonidsuser-request@enterasys.com

with the word `help' in the subject or body (don't include the quotes), and you will \
get back a message with instructions.

You must know your password to change your options (including changing the password, \
itself) or to unsubscribe.   If you forget your password, don't worry, you will \
receive a monthly reminder telling you what all your enterasys.com mailing list \
passwords are, and how to unsubscribe or change your options.  


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic