Snort mailing list archives

TCP ******S* portscan


From: Marcel Hauser <marcel_hauser () gmx ch>
Date: Fri, 5 Apr 2002 23:31:26 -0100

Hi everybody

I'm new to Snort, and hopefully this is not in any FAQ I didn't read ;)

Can someone please tell me how this could happen:
(y.y.y.y is the internal IP address of my web server and I'm allowing only
port 80 and 25 to that server from outside using iptables)

Apr 5 15:50:56 195.186.255.2:3595 -> y.y.y.y:45428 SYN ******S* 
Apr 5 15:50:57 195.186.255.2:3596 -> y.y.y.y:45429 SYN ******S* 
Apr 5 15:50:58 195.186.255.2:3597 -> y.y.y.y:45430 SYN ******S* 
Apr 5 15:50:59 195.186.255.2:3598 -> y.y.y.y:45431 SYN ******S* 
Apr 5 15:50:59 195.186.255.2:3599 -> y.y.y.y:45432 SYN ******S* 
Apr 5 15:51:00 195.186.255.2:3600 -> y.y.y.y:45433 SYN ******S* 
Apr 5 15:51:01 195.186.255.2:3601 -> y.y.y.y:45434 SYN ******S* 
Apr 5 15:51:01 195.186.255.2:3602 -> y.y.y.y:45435 SYN ******S* 
Apr 5 15:51:41 195.186.255.2:3614 -> y.y.y.y:45440 SYN ******S* 
Apr 5 15:51:42 195.186.255.2:3615 -> y.y.y.y:45441 SYN ******S* 
Apr 5 15:51:43 195.186.255.2:3616 -> y.y.y.y:45442 SYN ******S* 
Apr 5 15:51:44 195.186.255.2:3617 -> y.y.y.y:45443 SYN ******S* 
Apr 5 15:51:44 195.186.255.2:3618 -> y.y.y.y:45444 SYN ******S* 
Apr 5 15:51:44 195.186.255.2:3619 -> y.y.y.y:45445 SYN ******S* 
Apr 5 15:51:45 195.186.255.2:3620 -> y.y.y.y:45446 SYN ******S* 
Apr 5 15:51:46 195.186.255.2:3621 -> y.y.y.y:45448 SYN ******S* 
Apr 5 15:52:08 195.186.255.2:3630 -> y.y.y.y:80 SYN ******S* 
Apr 5 15:52:08 195.186.255.2:3631 -> y.y.y.y:80 SYN ******S* 
Apr 5 15:52:40 195.186.255.2:3635 -> y.y.y.y:80 SYN ******S* 
Apr 5 15:53:00 195.186.255.2:3638 -> y.y.y.y:80 SYN ******S* 
Apr 5 15:53:00 195.186.255.2:3641 -> y.y.y.y:80 SYN ******S* 

Thanks in advance

Cheers Marcel
