It is UDP traffic. I have never seen FTP traffic work on UDP, only TCP. How do you know NMAP is doing this?
jef

-----Original Message-----
From: Mel [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 16, 2002 3:43 AM
To: [EMAIL PROTECTED]
Subject: NMAP scan

Hi

Can anyone tell me what particular vulnerability this NMAP scan is probing for?

UDP_43555-20
[**] Snort Unmatched [**]
08/22-18:09:52.732955 161.73.38.103:45552 -> 192.168.1.20:20
UDP TTL:54 TOS:0x0 ID:32141 IpLen:20 DgmLen:328
Len: 308
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggg

I can see that it's some kind of FTP exploit from the destination source port number, but otherwise I can find no further information on it, and Google searches have returned nothing.

Thanks in advance
Melanie
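
An added example, not part of either message: a small Python triage of the alert quoted above. It reads the transport protocol, destination port and lengths from the header lines and checks whether the dumped payload is a single repeated byte. The sample alert is constructed from the post's header lines with the dump shortened to two rows; the function name and result fields are assumptions of this example.

```python
import re

# Constructed sample: header lines copied from the alert in the post, payload
# dump shortened to two rows (two spaces separate hex and ASCII columns).
ALERT = """\
08/22-18:09:52.732955 161.73.38.103:45552 -> 192.168.1.20:20
UDP TTL:54 TOS:0x0 ID:32141 IpLen:20 DgmLen:328
Len: 308
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67  gggggggggggg
"""

FLOW = re.compile(r"(\d+(?:\.\d+){3}):(\d+) -> (\d+(?:\.\d+){3}):(\d+)")
PROTO = re.compile(r"^(TCP|UDP)\b.*?IpLen:(\d+) DgmLen:(\d+)", re.M)
HEXROW = re.compile(r"^((?:[0-9A-Fa-f]{2} )+)", re.M)
UDP_HEADER_LEN = 8
FTP_TCP_PORTS = {20, 21}  # ftp-data and ftp control, both TCP services


def triage(alert):
    """Summarise one Snort alert: transport, lengths, payload shape."""
    flow, proto = FLOW.search(alert), PROTO.search(alert)
    if not flow or not proto:
        raise ValueError("unrecognised alert header")
    name, ip_len, dgm_len = proto.group(1), int(proto.group(2)), int(proto.group(3))
    dst_port = int(flow.group(4))
    dumped = bytes(int(b, 16) for row in HEXROW.findall(alert) for b in row.split())
    transport_len = dgm_len - ip_len  # bytes after the IP header
    return {
        "proto": name,
        "src": flow.group(1),
        "dst_port": dst_port,
        "transport_len": transport_len,
        "udp_payload_len": transport_len - UDP_HEADER_LEN if name == "UDP" else None,
        "dumped_bytes": len(dumped),
        # Set only when every dumped byte has the same value.
        "filler": hex(dumped[0]) if dumped and len(set(dumped)) == 1 else None,
        # Port 20 or 21 is only treated as FTP-related when the transport is TCP.
        "ftp_like": name == "TCP" and dst_port in FTP_TCP_PORTS,
    }


if __name__ == "__main__":
    for key, value in triage(ALERT).items():
        print(f"{key}: {value}")
```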