Snort mailing list archives
Re: Portscan from own interface
From: Midnight shadow <p.selder () freeler nl>
Date: Wed, 16 May 2001 12:43:11 +0200
On Wednesday 16 May 2001 07:37, Subba Rao wrote:
I am seeing similar messages in my snort logs. I hope it is only spoofing and not that my machine has been compromised.
I found out what the cause was with my machine. When someone made a connection through the firewall to surf the web, these messages were generated because I removed a few ports from the preprocessor. I removed ports 80 and 443, for instance. Now I added them back and the logs are quiet now (except for a real portscan). Hope this helps.
[**] spp_portscan: portscan status from x.x.x.x: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 05/16-05:19:37.397711
Patrick