Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re:Snort 1.9 and spp_portscan2

From: Always Bishan <bishan4u () yahoo co uk>
Date: Mon, 3 Mar 2003 12:43:21 +0000 (GMT)
hi


From: Vlad Gavrila <branix () xnet ro>
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort 1.9 and spp_portscan2



After having it run for a few hours, I found many
portscan logs 
targeted 
against my server, that have the source port either

80 >or 53. I know 

that these come from sequential response to either
http or dns 
requests.



My problem is blocking those connections that are
using 80 or 53 as 
their source port. Is there a way to solve this?


I'm facing the same problem.
While accessing microsoft,yahoo,osho sites I get these
portscan logs very often. Every half hour i get these
attcks. Whats the problem? Are these really doing some
portscan. Any solutions ?

Regards,
Bishan

=====
Celebrating Happinessemail: bishan@sumerusolutions.comcompany: www.sumerusolutions.com

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: