Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Help with snort alert

From: Peter Rodger <prodger2008 () yahoo com>
Date: Fri, 7 Oct 2005 06:41:46 -0700 (PDT)
Hi all,

Today, I put snort behind PIX (port spanning from PIX
port to snort monitoring port) and got lots of alerts
as follows:

#19-(1-15529) [snort] (portscan) TCP Portscan
2005-10-06 16:26:40 x.x.x.x 10.1.15.30 Raw IP  
(x.x.x.x is externel IP)
*********

Does this mean x.x.x.x scan this IP?  or just false
positive? or I have to tune the rule?

I'll appreciate your help.

Peter





        
                
______________________________________________________ 
Yahoo! for Good 
Donate to the Hurricane Katrina relief effort. 
http://store.yahoo.com/redcross-donate3/
Previous By Date Next
Previous By Thread Next

Current thread: