Snort 1.9 and spp_portscan2

[Vlad Gavrila <branix () xnet ro>]

Hi!

I have recently installed Snort 1.9 on a Linux box that also acts as a 
proxy and dns server for my lan.

After having it run for a few hours, I found many portscan logs targeted 
against my server, that have the source port either 80 or 53. I know 
that these come from sequential response to either http or dns requests.

My problem is blocking those connections that are using 80 or 53 as 
their source port. Is there a way to solve this?

Thanks in advance,
Vlad


-------------------------------------------------------
Xnet scaneaza automat toate mesajele impotriva virusilor folosind RAV AntiVirus.
Xnet automatically scans all messages for viruses using RAV AntiVirus.

Nota: RAV AntiVirus poate sa nu detecteze toti virusii noi sau toate variantele lor.
Va rugam sa luati in considerare ca exista un risc de fiecare data cand deschideti
fisiere atasate si ca MobiFon nu este responsabila pentru nici un prejudiciu cauzat
de virusi.

Disclaimer: RAV AntiVirus may not be able to detect all new viruses and variants.
Please be aware that there is a risk involved whenever opening e-mail attachments
to your computer and that MobiFon is not responsible for any damages caused by
viruses.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users