Snort mailing list archives

Re: (spp_portscan2) Portscan detected

From: Ashley Thomas <athomas () cc gatech edu>
Date: Fri, 28 Feb 2003 02:27:33 -0500

This is detected by portscan preprocessor; not a rule.


Clayton Mascasrenhas wrote:

Snort detected this attack....
02/02-10:14:55.142286 [**] [117:1:1] (spp_portscan2) Portscan detectedfrom 65.114.4.69: 1 targets 21 ports in 2 seconds [**] {TCP}65.114.4.69:80 -> 66.20.55.101:57910
Could Someone please tell me the sid rule used by snort for detectingthis portscan attack??
Clayton Mascarenhas


------------------------------------------------------------------------
Do you Yahoo!?
Yahoo! Tax Center<http://rd.yahoo.com/finance/mailtagline/*http://taxes.yahoo.com/> -forms, calculators, tips, and more




--
Ashley Thomas
Research scientist
College of Computing
Georgia Tech.




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

(spp_portscan2) Portscan detected Clayton Mascasrenhas (Feb 27)
- Re: (spp_portscan2) Portscan detected Ashley Thomas (Feb 27)
- Re: (spp_portscan2) Portscan detected Erick Mechler (Feb 27)
- Re: (spp_portscan2) Portscan detected Saad Kadhi (Feb 28)