Snort mailing list archives
about the sfportscan
From: ll <ibeginhere () gmail com>
Date: Tue, 07 Dec 2010 14:31:47 +0800
Hi all,

I am confused about the sfportscan processor. I don't clearly know what the log means. Here is an entry from the log file:

Time: 12/07-14:08:27.749408
event_ref: 0
210.X.X.221 -> 211.103.154.21 (portscan) TCP Portsweep
Priority Count: 8
Connection Count: 9
IP Count: 5
Scanned IP Range: 61.164.110.113:211.103.154.21
Port/Proto Count: 5
Port/Proto Range: 80:4004

The IP 210.X.X.221 is in the network that I want to protect. It's a web server. I want to know: does this mean the IP 210.X.X.221 scanned the outside host? I'm not sure what the direction is, in or out. Is it my web server scanning so many outside hosts? (Scanned IP Range: 61.164.110.113:211.103.154.21)

As the Readme file says, "sfPortscan only generates one alert for each host pair in question during the time window (more on windows below)." Is the IP range from 61.164.110.113:211.103.154.21 scanned by my server IP?

And as I understand it, a portsweep is one host scanning a single port on multiple hosts. Why is the port range (Port/Proto Range: 80:4004)?

Thanks in advance for your help.
Current thread:
- about the sfportscan ll (Dec 06)
- Re: about the sfportscan waldo kitty (Dec 07)
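
Added example, not part of the original post or of Snort: a small Python parser for the sfPortscan log entry quoted in the message above, so the counts and ranges can be compared across entries during triage. The field names are the ones in the quoted log; the one-field-per-line layout, the function names, and the IPv4-only range splitting are assumptions.

```python
import re

# Constructed input: the post's log entry, one field per line (layout assumed).
SAMPLE_LOG = """\
Time: 12/07-14:08:27.749408
event_ref: 0
210.X.X.221 -> 211.103.154.21 (portscan) TCP Portsweep
Priority Count: 8
Connection Count: 9
IP Count: 5
Scanned IP Range: 61.164.110.113:211.103.154.21
Port/Proto Count: 5
Port/Proto Range: 80:4004
"""

HEADER = re.compile(r"^(\S+) -> (\S+) \(portscan\) (.+)$")

def parse_entries(text):
    """Return one dict per entry; a new entry starts at each 'Time:' line."""
    entries, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Time:"):
            cur = {"time": line.split(":", 1)[1].strip()}
            entries.append(cur)
        elif cur is None or not line:
            continue  # skip blanks and anything before the first entry
        elif (m := HEADER.match(line)):
            # src/dst are the addresses as printed left and right of "->"
            cur["src"], cur["dst"], cur["alert"] = m.groups()
        else:
            key, sep, value = (p.strip() for p in line.partition(":"))
            if not sep:
                continue  # not a "Key: value" line
            if key.endswith("Count"):
                cur[key] = int(value)
            elif key.endswith("Range"):
                low, _, high = value.partition(":")  # IPv4/ports only
                cur[key] = (low, high)
            else:
                cur[key] = value
    return entries

def summarize(entries):
    """Group alerts by the left-hand address, for a quick triage view."""
    out = {}
    for e in entries:
        out.setdefault(e.get("src"), []).append(
            (e.get("alert"), e.get("IP Count"), e.get("Port/Proto Range")))
    return out
```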