Snort mailing list archives
Portscan from self?
From: "Marc Thomas" <marc () mainetech net>
Date: Tue, 8 Oct 2002 11:12:35 -0400
Hello, I keep getting the following: spp_portscan: PORTSCAN DETECTED from w.x.y.z (THRESHOLD 4 connections exceeded in 2 seconds) Oct 8 10:06:15 noc snort: spp_portscan: portscan status from w.x.y.z: 6 connections across 6 hosts: TCP(6), UDP(0) Oct 8 10:06:30 noc snort: spp_portscan: portscan status from w.x.y.z: 1 connections across 1 hosts: TCP(1), UDP(0) Oct 8 10:06:38 noc snort: spp_portscan: portscan status from w.x.y.z: 2 connections across 2 hosts: TCP(2), UDP(0) w.x.y.z being my WAN interface. Whats causing this? Anything I can do to stop it? btw, using snort version 1.9.0 on Debian woody Thanks, Marc ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscan from self? Marc Thomas (Oct 08)
- <Possible follow-ups>
- RE: Portscan from self? Miller, Eoin (Oct 08)
- portscan-ignorehosts for portscan2? (was Re: Portscan from self?) Bennett Todd (Oct 08)
- Re: portscan-ignorehosts for portscan2? (was Re: Portscan from self?) Erek Adams (Oct 08)
- portscan-ignorehosts for portscan2? (was Re: Portscan from self?) Bennett Todd (Oct 08)