Hmm. It would take only about 15 minutes to get that call. Spoofed addresses usually don�t scan a range of ports though, do they? When your spoofing an address, your expecting specific results back so you can emulate the response to communicate. This would be a specific attack to a port, would it not? Very curious..?
I have little knowledge about spoofed traffic. Phynex On 3/5/04 1:43 PM, "Hanson, Jeffrey P (GEI, GEFA)" <[EMAIL PROTECTED]> wrote: > And what happens when the attacker spoofs someone else's address and makes it > look like it's coming from, oh, I don't know, the FBI site or something? Now > you're scanning the FBI. Probably not a good idea. > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Jon Goode > Sent: Friday, March 05, 2004 4:40 PM > To: [EMAIL PROTECTED] > Subject: Nessus and Snort > > > Has anyone considered setting up snort to detect network scans from external > networks, then automatically having nessus 'retaliate' a scan and post the > results of the offending machine? Or could this loop? :) > > Phynex > > _______________________________________________ > Nessus mailing list > [EMAIL PROTECTED] > http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ > Nessus mailing list > [EMAIL PROTECTED] > http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
