Snort mailing list archives

Portscan


From: "Nils Fragoso" <nils () fragoso dk>
Date: Thu, 25 Aug 2005 12:19:45 +0200

Hi Guys,

Do you know why, on Base (v.1.1.3), I can see portscan alerts (see below) without dest. address or port numbers, when the portscan.log file has all the information?

Base-->  [snort] spp_portscan detected from 10.1.8.23 (THRESHOLD 4 connections exceeded in 3 seconds)  2005-08-25 05:09:34  10.1.8.23  unknown  IP

portscan.log ->  Aug 25 05:09:34 10.1.8.23:17951 -> 10.137.1.1:389 SYN ******S* 

It seems that my remote sensor is not sending all information to my master, where the database is.

Snort: v.2.4
Base: 1.1.3
MySQL: 4.1.9

Cheers

Nils
 
