Snort mailing list archives
Re: (spp_portscan2) Portscan detected
From: Saad Kadhi <saad () docisland org>
Date: Fri, 28 Feb 2003 08:49:17 +0100
On Thu, Feb 27, 2003 at 11:05:00PM -0800, Clayton Mascasrenhas wrote:
Snort detected this attack.... 02/02-10:14:55.142286 [**] [117:1:1] (spp_portscan2) Portscan detected from 65.114.4.69: 1 targets 21 ports in 2 seconds [**] {TCP} 65.114.4.69:80 -> 66.20.55.101:57910 Could Someone please tell me the sid rule used by snort for detecting this portscan attack??
this alert has been generated by a preprocessor (spp_portscan2) who has seen this as a portscan attempt. it was not triggered by a rule. -- Saad Kadhi -- [saad () docisland org] [saad.kadhi () hapsis fr] [pgp keyid: 35592A6D http://pgp.mit.edu] [pgp fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D] --- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (spp_portscan2) Portscan detected Clayton Mascasrenhas (Feb 27)
- Re: (spp_portscan2) Portscan detected Ashley Thomas (Feb 27)
- Re: (spp_portscan2) Portscan detected Erick Mechler (Feb 27)
- Re: (spp_portscan2) Portscan detected Saad Kadhi (Feb 28)