Snort mailing list archives
Re:Snort 1.9 and spp_portscan2
From: Always Bishan <bishan4u () yahoo co uk>
Date: Mon, 3 Mar 2003 12:43:21 +0000 (GMT)
hi
From: Vlad Gavrila <branix () xnet ro> To: snort-users () lists sourceforge net Subject: [Snort-users] Snort 1.9 and spp_portscan2
After having it run for a few hours, I found many portscan logs targeted against my server, that have the source port either
80 >or 53. I know
that these come from sequential response to either http or dns requests.
My problem is blocking those connections that are using 80 or 53 as their source port. Is there a way to solve this?
I'm facing the same problem. While accessing microsoft,yahoo,osho sites I get these portscan logs very often. Every half hour i get these attcks. Whats the problem? Are these really doing some portscan. Any solutions ? Regards, Bishan ===== Celebrating Happinessemail: bishan@sumerusolutions.comcompany: www.sumerusolutions.com __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 1.9 and spp_portscan2 Vlad Gavrila (Mar 02)
- Re: Snort 1.9 and spp_portscan2 Erek Adams (Mar 03)
- Re: Snort 1.9 and spp_portscan2 Vlad Gavrila (Mar 03)
- <Possible follow-ups>
- Re:Snort 1.9 and spp_portscan2 Always Bishan (Mar 03)
- Re: Snort 1.9 and spp_portscan2 Erek Adams (Mar 03)