[Snort-sigs] Portscan reporting
Antony J. Shepherd
antony.s at ...1308...
Mon Feb 17 01:30:14 EST 2003
We had this portscan report that went on for hours. When I checked the
portscan.log file, it seemed that the access was originating on port 20
(FTP_Data) at the far end, and chugging through every single port from 1024
onwards on our end. This turned out to be due to a colleague sending a large
file by FTP to a client, and it was the client's IP address that was showing
Any ideas why an FTP upload should get picked up as a portscan by Snort?
Antony J. Shepherd.
More information about the Snort-sigs