Snort mailing list archives
TCP Portsweep and TCP Portscan
From: "Ashgate Publishing Information Technology" <itnotify () ashgate com>
Date: Thu, 16 Dec 2004 11:24:22 -0500
Hi, I'm new to snort. I have sensors setup on both the WAN side and the LAN side of my network. I'm seeing many, many alerts that are triggered on both sensors. They are: [**] [122:3:0] (portscan) TCP Portsweep [**] and [**] [122:1:0] (portscan) TCP Portscan [**] The source is always a local workstation, and a large number of these are coming from one workstation and the destination host is usually in the yahoo.com domain. I have also seen this alert when users visit ebay. Can anyone provide any insight on what this is? I'm relatively new to IDS so I'd appreciate some pointers. Thanks, Nick ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- TCP Portsweep and TCP Portscan Ashgate Publishing Information Technology (Dec 16)
- RE: TCP Portsweep and TCP Portscan Bob Konigsberg (Dec 16)