Snort mailing list archives
Snort newbie log entry question
From: Chris <cpollock () earthlink net>
Date: Tue, 26 Oct 2004 17:59:11 -0500

I've been using snort for a couple of months and every once in a while get an entry in my syslog. I've never been able to find someplace that explains what these mean. If there is somewhere, I'd appreciate a link. Below are a couple of entries that I'd appreciate if someone would explain them to me:

Oct 26 09:00:20 cpollock snort[3860]: [1:402:4] ICMP Destination Unreachable (Port Unreachable) [Classification: Misc activity] [Priority: 3]: {ICMP} 217.160.253.84 -> 192.168.1.2

On this one, why would Earthlink, my ISP, be doing a portscan on my system? Could this just be a 'ping' from them?

Oct 25 23:42:17 cpollock snort[3860]: spp_portscan: PORTSCAN DETECTED to port 41980 from 207.217.121.213 (STEALTH)

Thanks to all in advance for any help

--
Chris
Registered Linux User 283774 http://counter.li.org