Re: Portscan 2 question

[Joe Giles <jgiles () joeman1 com>]

Hay, that is a neat command :). 

Well, according to last, no one logged on but me during the time of the
"Issue". 

Thanks. I will add my ISP's DNS to the list and see if that helps. This
is the first time I have seen this message in ACID since I upgraded to
the new snort. That was better than a week ago.

Thanks

Joe

On Thu, 2002-10-24 at 12:16, Robby Desmond wrote:
> At 12:12 PM 10/24/02 -0600, you wrote:
> > Well, I'm not RUNNING a DNS server, but I use one. My ISP's DNS...
> > Should I add that to the list?
>
> Yes. That will reduce your portscan alerts, but doesn't solve the problem 
> of your host causing portscan alerts.
>
> > Also, I don't seem to have the 'lasts' command. What package is that
> > part of?
>
> Oops. Make that singular "last".  It is a standard UNIX tool.
>
> > Thanks for the reply
> >
> > Joe
>
> No prob.
>
> You might also want to check to see if any of the services you run from 
> your server periodically scan hosts for some reason.
>
> HTH,
> -Robby
>
> Robert Desmond
> Systems Administrator
> UCSB Extended Learning Services
> 805-893-4906




-------------------------------------------------------
This sf.net email is sponsored by: Influence the future 
of Java(TM) technology. Join the Java Community 
Process(SM) (JCP(SM)) program now. 
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users