[Dshield] Snort entry I do not understand, what is PROTO255

David McGaughey mcgoy at plumbearcat.com
Thu Jun 30 13:14:05 GMT 2005


Greetings!

 

Have an internal machine, behind an NS50 firewall ingress and egress
filtering dynamic NAT, no direct internet access.  It is a windows 2000
machine running snort on a switched network.  Most snort entries very boring
and predictable.  But not this one:

 

 

[**] [122:1:0] (portscan) TCP Portscan [**]

06/28-22:59:08.756282 4D:41:43:44:41:44 -> 4D:41:43:44:41:44 type:0x800
len:0xB0

18.7.14.127 -> XXX.XXX.XXX.XXX PROTO255 TTL:0 TOS:0x0 ID:19548 IpLen:20
DgmLen:162

 

Please note XXX.XXX.XXX.XXX - I took IP of internal machine out.  What is
PROTO255?

 

 

David McGaughey <http://mcgoy.plumbearcat.com/> 

Lubbock, Texas

mcgoy at plumbearcat.com

(806)438-7363

 

 



More information about the list mailing list