[Intrusions] SMTP relay server tagged by IDS

Walzer, Jeff Jeff.Walzer at dcsg.com
Thu Aug 11 14:08:21 GMT 2005


Our SMTP relay server is being tagged by our IDS with the TCP SYN Host
Sweep on Same Dest Port alert. Here is the raw message:
 
xxx.xxx.xxx.xxx/3307 --> 12.129.199.35/0 TCP TCP SYN Host Sweep On Same
Dest Port,NR-3030/0,Risk Rating:21
 
The weird thing is that the destination port is 0 - is this standard
behavior and a false positive or something I should dig deeper into?
 
Thanks...