Security Basics mailing list archives
Help with snort alert
From: Peter Rodger <prodger2008 () yahoo com>
Date: Fri, 7 Oct 2005 06:41:46 -0700 (PDT)
Hi all, Today, I put snort behind PIX (port spanning from PIX port to snort monitoring port) and got lots of alerts as follows: #19-(1-15529) [snort] (portscan) TCP Portscan 2005-10-06 16:26:40 x.x.x.x 10.1.15.30 Raw IP (x.x.x.x is externel IP) ********* Does this mean x.x.x.x scan this IP? or just false positive? or I have to tune the rule? I'll appreciate your help. Peter ______________________________________________________ Yahoo! for Good Donate to the Hurricane Katrina relief effort. http://store.yahoo.com/redcross-donate3/
Current thread:
- Help with snort alert Peter Rodger (Oct 11)