Snort mailing list archives
Re: Portscan 2 question
From: Joe Giles <jgiles () joeman1 com>
Date: 24 Oct 2002 12:12:44 -0600
Well, I'm not RUNNING a DNS server, but I use one. My ISP's DNS... Should I add that to the list? Also, I don't seem to have the 'lasts' command. What package is that part of? Thanks for the reply Joe On Thu, 2002-10-24 at 12:03, Robby Desmond wrote:
At 11:22 AM 10/24/02 -0600, you wrote:I have a weird problem with 2 entries in my ACID database. Apparently, my server did a port scan on a remote machine. The problem is that no one here initiated a port scan. The database lists my server IP as the source and lists a dest IP. This is listed as a spp_portscan2. Does the new snort scan other machines on the Internet? I don't want any issues with other services because they think I'm port scanning their network. Thanks JoeAre you, by chance, running DNS? You should add your DNS servers to the list of portscan2-ignorehosts, otherwise you will get this sort of activity. If you are not running DNS, then check the "lasts" command to see who has been on your system. (Or who has been appearing as someone on your system.) -Robby Robert Desmond Systems Administrator UCSB Extended Learning Services 805-893-4906
------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscan 2 question Joe Giles (Oct 24)
- Is this a valid rule? Lefevre, Steven (Oct 24)
- Re: Is this a valid rule? Alberto Gonzalez (Oct 24)
- Re: Portscan 2 question Robby Desmond (Oct 24)
- Re: Portscan 2 question Joe Giles (Oct 24)
- Re: Portscan 2 question Joe Giles (Oct 24)
- Re: Portscan 2 question Gary Verhulp (Oct 24)
- Message not available
- Re: Portscan 2 question Joe Giles (Oct 24)
- Is this a valid rule? Lefevre, Steven (Oct 24)
- <Possible follow-ups>
- RE: Portscan 2 question Joe Giles (Oct 24)
- RE: Portscan 2 question Soren Macbeth (Oct 24)
- RE: Portscan 2 question Joe Giles (Oct 24)
- RE: Portscan 2 question Soren Macbeth (Oct 24)
- RE: Portscan 2 question Hicks, John (Oct 24)
- RE: Portscan 2 question Joe Giles (Oct 24)
- RE: Portscan 2 question Brian F. Vaughan (Oct 24)