[Snort-sigs] Spp portscan

Matt btc1 at ...608...
Thu May 30 23:28:02 EDT 2002


Hello All
Being a newbie to Snort I was wondering if someone could help me with a
question I had.

I use snort at home on my personal machines as a way to try to keep track of
whats going on. I havent been using it long only a few weeks ,I have read
all I can get my hands on and feel I have a nice basic understanding of it
and have begun to experiment with custom rules in attempt to maximize its
effectiveness for this application. I would like to build on what I have
learned so far and was wondering about recommended reading from the members
here
I am running snort on linux mandrake and win xp so i can see what
differences can be between the two os's.
The first question i have is what the heck is a spp portscan?
ive done searches  and dug for info but i dont get the big flick on these
since i get them so often here are they normal??
should i be worried (im thinking they are someone probing me but not 100 %
sure) is it just background noise from the internet ? can i / should i
modify my rules to ignore them?

I know this may sound stupid but i gotta start somewhere right?

Thanks in advance for all your comments

Sincere Thanks

Matthew S Barnes





More information about the Snort-sigs mailing list