Snort Issue false PSNG_UDP_FILTERED_PORTSCAN
-
Can someone explain the reason for this snort entry :
PROTO:255 PSNG_UDP_FILTERED_PORTSCAN Attempted Information Leak 178.xxx.x.xxx empty -> 188.xx.xxx.xx empty 122:21:1 01/05-11:24:04
-
If traffic port is 53 then probably it's a false positive from dns traffic.
-
Thanks. Prot is marked with 255, DPORT and SPORT are empty. Can be DNS, or ?
-
Hi
is it secure to ignore this 122:21 alerts? I got arround 20 alerts every hour.
1 of 10 IPs that snort blocks are recommend for my network.
I'am a litte bit confused about this alert, maybe an attack or not…greetz HOD
-
Thanks. Prot is marked with 255, DPORT and SPORT are empty. Can be DNS, or ?
Certainly not dns, because destination port should be tcp/udp 53
That protocol 255 is showing to be reserved. Don't know what it is -
I get this alert because of Skype software. When one of my LAN hosts has a voice/video conversation with specific people (it means specific Skype versions) I get this alert periodically during the call. ;)
-
FaceTime also generates this alert.