Snort mailing list archives
Snort Logs [HITCON VIRUS CHECK: OK]
From: Maik.Linnemann () hitcon de
Date: Thu, 3 Jun 2004 12:37:26 +0200
Today I checked my logfiles and found really strange things in my IDS logs - I found this:

Datum: 05/24 08:41:30
Name: (spp_portscan2) Portscan detected from 195.202.xx.xx: 1 targets 21 ports in 57 seconds
Priorität: n/a
Typ: n/a
IP-Info: 195.202.xx.xx:80 -> 195.202.xx.xxx:60847
Referenz: nichts gefunden
SID: n/a

Datum: 05/24 09:10:04
Name: (spp_portscan2) Portscan detected from 195.202.xx.xx: 1 targets 21 ports in 2 seconds
Priorität: n/a
Typ: n/a
IP-Info: 195.202.xx.xx:80 -> 195.202.xx.xxx:33149
Referenz: nichts gefunden
SID: n/a

Datum: 05/24 09:11:22
Name: (spp_portscan2) Portscan detected from 195.202.xx.xx: 1 targets 21 ports in 18 seconds
Priorität: n/a
Typ: n/a
IP-Info: 195.202.xx.xx:80 -> 195.202.xx.xxx:33281
Referenz: nichts gefunden
SID: n/a

First of all: both of the addresses belong to me!!!!! The one out of port 80 is my mail server and a webserver is also running on that machine. The other one (targeted on 33281) is also mine on a second location.... They're connected via VPN......but as you see, they use the external IP addresses, so I guess it doesn't come from the inside of my nets...

I'm really not so deep into Snort, so if anyone could explain a little bit what it could be - that would be great!!!! What shall I do now? I haven't done a port scan!????

What do you think?

HITCON AG
Maik Linnemann
Gartenstrasse 208
48147 Münster
0251/2801-206 (Phone)
0251/2801-280 (Fax)
0170/6364123 (Mobil)
Mail: info () hitcon de
http://www.hitcon.de
Current thread:
- Snort Logs [HITCON VIRUS CHECK: OK] Maik . Linnemann (Jun 03)
- <Possible follow-ups>
- RE: Snort Logs [HITCON VIRUS CHECK: OK] Miner, Jonathan W (CSC) (US SSA) (Jun 03)
- Re: Re: Snort Logs [HITCON VIRUS CHECK: OK] Maik . Linnemann (Jun 03)