Snort mailing list archives

Previous By Date Next
Previous By Thread Next

TCP Portsweep and TCP Portscan

From: "Ashgate Publishing Information Technology" <itnotify () ashgate com>
Date: Thu, 16 Dec 2004 11:24:22 -0500
Hi,

I'm new to snort.  I have sensors setup on both the WAN side and the LAN
side of my network.  I'm seeing many, many alerts that are triggered on both
sensors. They are:

[**] [122:3:0] (portscan) TCP Portsweep [**]

and

[**] [122:1:0] (portscan) TCP Portscan [**]

The source is always a local workstation, and a large number of these are
coming from one workstation and the destination host is usually in the
yahoo.com domain.  I have also seen this alert when users visit ebay.

Can anyone provide any insight on what this is?  I'm relatively new to IDS
so I'd appreciate some pointers.

Thanks,

Nick




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: