Snort newbie log entry question

[Chris <cpollock () earthlink net>]

I've been using snort for a couple of months and every once in awhile get an 
entry in my syslog.  I've never been able to find someplace that explains 
what these mean.  If there is somewhere I'd appreciate a link.  Below are a 
couple of entries that I'd appreciate if someone would explain them to me:

Oct 26 09:00:20 cpollock snort[3860]: [1:402:4] ICMP Destination Unreachable 
(Port Unreachable) [Classification: Misc activity] [Priority: 3]: {ICMP} 
217.160.253.84 -> 192.168.1.2

On this one, why would Earthlink, my ISP, be doing a portscan on my system?  
Could this just be a 'ping' from them?

Oct 25 23:42:17 cpollock snort[3860]: spp_portscan: PORTSCAN DETECTED to 
port 41980 from 207.217.121.213 (STEALTH)

Thanks to all in advance for any help

-- 
Chris
Registered Linux User 283774 http://counter.li.org
5:36pm up 3 days, 46 min, 1 user, load average: 0.01, 0.09, 0.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't let people drive you crazy when you know it's in walking distance.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88&alloc_id065&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users