The following events are generated by the standard scripts themselves:
bad_pm_port
pm_bad_port
. Handled by conn_weird_addl
,
where the extra parameter is the text
"port <
bad-port>"
.
Land_attack
A TCP connection attempt was seen with identical
initiator and responder addresses and ports. This event likely
reflects an attempted denial-of-service attack known as a
“Land” attack. See check_spoof
. Handled by conn_weird
.