i am using nmap for scanning NULL and XMAS
here is the log
XMAS log:
src: 10.x.x.17 signature match: "SCAN nmap XMAS" (sid: 1228) tcp port: 765
Oct 28 21:03:38 firewall
psad: scan detected: 10.x.x.17 -> 10.x.x.22 tcp: [1-65389] flags: URG PSH
FIN tcp pkts: 2000 DL: 5
Null Scan log:
psad: scan detected: 10.x.x.17 -> 10.x.x.22 tcp: [1-65389] flags: NULL tcp
pkts: 1990 DL: 5
why Null scan didn't showed the signature against which this alert
triggered.
Thanks,
MYK
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
