Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Portscan from own interface

From: Midnight shadow <p.selder () freeler nl>
Date: Wed, 16 May 2001 12:43:11 +0200
On Wednesday 16 May 2001 07:37, Subba Rao wrote:



I am seeing similar messages in my snort logs. I hope it is only spoofing
and not that my machine has been compromised.


I found out what was the cause with my machine.
When someone made a connection thru the firewall to surf the web these 
messages were generated because I removed a few ports from the pre-prosessor. 
I removed port 80 and 443 for instance.
Now I added them back and the logs are quit now. (except for a real portscan)

Hope this helps


[**] spp_portscan: portscan status from x.x.x.x: 1 connections across 1
hosts: TCP(1), UDP(0) [**] 05/16-05:19:37.397711



Patrick

-- 
 ZZzz   |\      _,,,---,,_
        /,`.-'`'                  -.  ;-;;,_
       |,4-  ) )-,_..;\ (  `'-'
      '---''(_/--'  `-'\_)


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: