Snort mailing list archives

RE: My Machine as Source


From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Thu, 14 Apr 2005 08:44:55 -0400

203.26.51.42 is fairfax.com.au.
Perhaps you were surfing a web site from that machine.

I have turned off the sfportscan preprocessor as I was finding too many
false positives and no easy way to fine tune what the preprocessor
reported.

Bruce

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Mark
Sargent
Sent: Thursday, April 14, 2005 2:46 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] My Machine as Source

Hi All,

just started using Snort/Base on a test machine, although, the machine 
is part of a LAN/Internet setup. I'm using it just to learn the basics 
etc. Anyway, I see my machine, 192.168.0.12 as the source address for 
(portscan) Open Port on addresses on the net, for example, 203.26.51.42 
<http://localhost/base-1.1/base_stat_ipaddr.php?ip=203.26.51.42&netmask3
2>. 
Why is that..? More so, what is it..? False alarms, perhaps.? A zombie, 
perhaps..? Cheers.

Mark Sargent.


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



