Snort mailing list archives

Alert log entry


From: "bluetooth995" <bluetooth995 () hotmail com>
Date: Fri, 27 Dec 2002 10:13:24 +0800

Hi all

I am a new Snort user and need some help.

From my log, I am seeing many such entries. Is this normal in a LAN environment
of all Win2000 Prof machines? Thank you.

12/10-15:23:40.976000 [**] [100:1:1]
<\Device\NPF_{A4EAC953-55E9-48C4-9B7A-D6150F32D118}> spp_portscan: PORTSCAN
DETECTED on \Device\NPF_{A4EAC953-55E9-48C4-9B7A-D6150F32D118} from
192.168.1.1 (THRESHOLD 10 connections exceeded in 3 seconds) [**]

12/10-15:23:44.554000 [**] [100:1:1]
<\Device\NPF_{A4EAC953-55E9-48C4-9B7A-D6150F32D118}> spp_portscan: PORTSCAN
DETECTED on \Device\NPF_{A4EAC953-55E9-48C4-9B7A-D6150F32D118} from
192.168.1.2 (THRESHOLD 10 connections exceeded in 11 seconds) [**]

12/10-15:23:46.148000 [**] [100:2:1]
<\Device\NPF_{A4EAC953-55E9-48C4-9B7A-D6150F32D118}> spp_portscan: portscan
status from 192.168.2.1: 6 connections across 6 hosts: TCP(0), UDP(6) [**]

12/10-15:23:46.148000 [**] [100:2:1]
<\Device\NPF_{A4EAC953-55E9-48C4-9B7A-D6150F32D118}> spp_portscan: portscan
status from 192.168.2.2: 5 connections across 5 hosts: TCP(0), UDP(5) [**]

12/10-15:23:46.164000 [**] [100:2:1]
<\Device\NPF_{A4EAC953-55E9-48C4-9B7A-D6150F32D118}> spp_portscan: portscan
status from 192.168.2.3: 14 connections across 6 hosts: TCP(8), UDP(6) [**]

