TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
If your using Solaris Engines, try using tcpdump or snoop to look at the
SYN packets further. On Windows NT try windump. This will give you a
better understanding of the packets and what is causing the SYN signature
to appear. I've seen the synflood signature appear often in cases where
the engines can't keep up with the bandwidth. (Most often high traffic
websites)
Windump @ http://netgroup-serv.polito.it/analyzer/install/windump/
Sleep Well,
Matthew F. Caldwell, CISSP - Senior Consultant
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Guarded.Net - An Information Security Company
connect(); to the future of secure computing!
Email: [EMAIL PROTECTED]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
http://www.guarded.net
---------------------------------------------------------------------------
This e-mail may contain proprietary commercial information and is intended
for the addressed recipient(s) only. If you are not an addressed
recipient of this e-mail and have received it in error, you must delete
it. You may not forward or disseminate information contained in this
e-mail without permission from Guarded.Net.
Questions? Contact [EMAIL PROTECTED]
---------------------------------------------------------------------------
On Wed, 8 Mar 2000 [EMAIL PROTECTED] wrote:
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
> ----------------------------------------------------------------------------
>
> I also have alot of these in my logs as well.
>
> What can be done to further research these items besides having a probe or
> sniffer on the lines?
>
>
>
>
>
