Snort mailing list archives

Snort Logs [HITCON VIRUS CHECK: OK]


From: Maik.Linnemann () hitcon de
Date: Thu, 3 Jun 2004 12:37:26 +0200





Today I checked my logfiles and found real strange things in my IDS logs -
I found this:

Datum: 05/24 08:41:30 Name: (spp_portscan2) Portscan detected from
195.202.xx.xx: 1 targets 21 ports in 57 seconds
Priorität: n/a Typ: n/a
IP-Info: 195.202.xx.xx:80 -> 195.202.xx.xxx:60847
Referenz: nichts gefunden SID: n/a

Datum: 05/24 09:10:04 Name: (spp_portscan2) Portscan detected from
195.202.xx.xx: 1 targets 21 ports in 2 seconds
Priorität: n/a Typ: n/a
IP-Info: 195.202.xx.xx:80 -> 195.202.xx.xxx:33149
Referenz: nichts gefunden SID: n/a

Datum: 05/24 09:11:22 Name: (spp_portscan2) Portscan detected from
195.202.xx.xx: 1 targets 21 ports in 18 seconds
Priorität: n/a Typ: n/a
IP-Info: 195.202.xx.xx:80 -> 195.202.xx.xxx:33281
Referenz: nichts gefunden SID: n/a

First of all: both of the addresses belong to me!!!!! The one out of port 80
is my mail server and a webserver is also running on that machine. The
other one (targeted on 33281) is also mine on a second location.... they're
connected via VPN......but as you see, they use the external IP addresses,
so I guess it doesn't come from the inside of my nets...
I'm really not so deep into Snort, so if anyone could explain a little bit
what it could be - that would be great!!!!

What shall I do now? I haven't done a port scan!???? What do you think?

HITCON AG
Maik Linnemann
Gartenstrasse 208
48147 Münster
0251/2801-206 (Phone)
0251/2801-280 (Fax)
0170/6364123 (Mobil)
Mail: info () hitcon de
http://www.hitcon.de



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net