
[Snort-sigs] Bad reference on SID: 598?

From: JP Vossen <vossenjp(at)netaxs.com>
Date: Sun May 04 2003 - 02:32:13 EDT

Perhaps I'm missing something, but the reference for SID 598 [0] msg:"RPC portmap listing TCP 111" points to arachnids,429 [1] which talks about this:

	DS429 "PORTMAP-LISTING-32771"
	Platform(s):   solaris
	Category:   rpc
	This event indicates that a query was sent to the rpcbind/portmap daemon on a solaris machine, requesting port information for rpc services.

These do not seem to be the same thing. Also, I got a few of these on an all RedHat (i.e. no Solaris) segment...

Just wondering,
JP

[0] http://www.snort.org/snort-db/sid.html?sid=598
[1] http://www.whitehats.com/cgi/arachNIDS/Show?_id=ids429&view=event

------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|                jp@jpsdomain.org
My Account, My Opinions       |=========|       
http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
"The software said it requires Windows 98 or better, so I installed Linux..."


Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Received on Sun May 4 03:15:53 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:27 EDT

