Snort mailing list archives

Re: (spp_portscan2) Portscan detected


From: Saad Kadhi <saad () docisland org>
Date: Fri, 28 Feb 2003 08:49:17 +0100

On Thu, Feb 27, 2003 at 11:05:00PM -0800, Clayton Mascasrenhas wrote:
> Snort detected this attack....
>
> 02/02-10:14:55.142286 [**] [117:1:1] (spp_portscan2) Portscan detected from 65.114.4.69: 1 targets 21 ports in 2 seconds [**] {TCP} 65.114.4.69:80 -> 66.20.55.101:57910
>
> Could someone please tell me the sid rule used by Snort for detecting this portscan attack?

This alert has been generated by a preprocessor (spp_portscan2), which has
seen this as a portscan attempt. It was not triggered by a rule.

-- 
Saad Kadhi -- [saad () docisland org] [saad.kadhi () hapsis fr]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63  65EB 34F1 DBBF 3559 2A6D]
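
The distinction made in the reply above can be read straight off the `[gid:sid:rev]` triple in the alert. The following is an added example, not part of the original message or of Snort's own code: it parses a fast-format alert line and reports whether it came from the rule engine or from another generator such as a preprocessor. It assumes Snort's convention that generator ID 1 is the text-rule engine; the function name `triage` and the second sample line are constructed for illustration.

```python
import re

# Fast-alert layout: timestamp [**] [gid:sid:rev] message [**] [optional tags] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[[^\]]*\]\s+)*\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)
# Detail carried in the message text of the portscan alert quoted in this thread.
SCAN_RE = re.compile(
    r"\((?P<source>\w+)\)\s+Portscan detected from (?P<scanner>[\d.]+): "
    r"(?P<targets>\d+) targets (?P<ports>\d+) ports in (?P<seconds>\d+) seconds"
)
RULE_ENGINE_GID = 1  # assumption: generator ID 1 means "matched a text rule"


def triage(line):
    """Return a dict describing where an alert came from, or None if unparseable."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    gid = int(m.group("gid"))
    result = {
        "gid": gid,
        "sid": int(m.group("sid")),
        "rev": int(m.group("rev")),
        # Only gid 1 has a rule (and a rule sid) behind it; anything else
        # was raised by Snort code such as a preprocessor.
        "origin": "rule" if gid == RULE_ENGINE_GID else "non-rule generator",
        "src": m.group("src"),
        "dst": m.group("dst"),
    }
    scan = SCAN_RE.search(m.group("msg"))
    if scan:
        result["generator_name"] = scan.group("source")
        result["scan"] = {k: int(scan.group(k)) for k in ("targets", "ports", "seconds")}
    return result


# The alert from this thread (re-joined after mail wrapping), then a constructed rule alert.
THREAD_ALERT = ("02/02-10:14:55.142286 [**] [117:1:1] (spp_portscan2) Portscan detected "
                "from 65.114.4.69: 1 targets 21 ports in 2 seconds [**] {TCP} "
                "65.114.4.69:80 -> 66.20.55.101:57910")
CONSTRUCTED_RULE_ALERT = ("02/02-10:15:01.000000 [**] [1:1000001:1] EXAMPLE constructed rule "
                          "alert [**] [Priority: 3] {TCP} 192.0.2.10:4321 -> 192.0.2.20:80")

if __name__ == "__main__":
    for sample in (THREAD_ALERT, CONSTRUCTED_RULE_ALERT):
        print(triage(sample))
```

For the alert in this thread the result has `origin` set to `non-rule generator`, so there is no rule sid to look up; the thresholds that fired belong to the preprocessor's own configuration.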