Snort mailing list archives

Portscan setup?


From: "Jim Gifford" <jim () jg555 com>
Date: Wed, 19 Mar 2003 15:04:09 -0800

I'm not sure if I have something configured wrong or not, but I keep seeing
messages like this all the time in my ACID console. About 1000 a day. My IP
address is in the from line:
[snort] (spp_portscan2) Portscan detected from myipaddress: 6 targets 6
ports in 39 seconds

#(1 - 147) [2003-03-17 23:45:22] [snort/1]  (spp_portscan2) Portscan
detected from myipaddress: 6 targets 6 ports in 39 seconds
IPv4: myipaddress -> thieripaddress
      hlen=5 TOS=0 dlen=48 ID=10611 flags=0 offset=0 TTL=127 chksum=40433
TCP:  port=1351 -> dport: 80  flags=******S* seq=2994017105
      ack=0 off=7 res=0 win=64240 urp=0 chksum=34925
      Options:
       #1 - MSS len=4 data=05B4
       #2 - NOP len=0
       #3 - NOP len=0
       #4 - SACKOK len=0
Payload: none


