Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: XMAS scan
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: XMAS scan
  • From: "Los, Ralph" <[EMAIL PROTECTED]>
  • Date: Thu, 15 Mar 2001 02:23:04 +0100
.
 
Missy,

	I got the same exact error off my firewall last night.  I'm not sure
what the source was, but I'll check it.  Anyone else have comments??

Ralph M. Los
Sr. Internet Systems & Security Admin.    (312) 827-3945 (direct)
EnvestNet Advisory Corp.                  (312) 296-9003 (wireless)
[EMAIL PROTECTED]


-----Original Message-----
From: E, M [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 13, 2001 11:26 AM
To: [EMAIL PROTECTED]
Subject: XMAS scan


Yesterday one of the babies announced that it had denied a 'probable'
XMAS scan.  Considering that the presumptive origin is a .mil/80 (to
LAN/42932) and that XMAS theoretically doesn't work on NT because of the
all-flags-set (so why bother except for an implied result).....I'm
wondering if anyone has had any experience with this 'alert' being
triggered by, say, a router with either a sense of humour or a hangover,
instead of an nmap-happy curious george.  :)

TIA for any feedback/explanations --

Missy
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.