[Snort-users] New to snort...what do these mean???

Michael Packer pac at ...572...
Tue Oct 10 09:35:55 EDT 2000


Hello,

I've got snort running and am getting all kinds of messages...is there
a place to go find out what things mean?

How about how do I block some of these?  I would have thought some of
these were blocked by ipchains.

Here are some messages I'm getting:

snort[6807]: spp_portscan: PORTSCAN DETECTED from 216.35.172.137
snort[6807]: spp_portscan: portscan status from 216.35.172.137: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH
snort[6807]: spp_portscan: End of portscan from 216.35.172.137

snort[6807]: PING-ICMP Destination Unreachable: 203.200.47.173
snort[6807]: PING-ICMP Time Exceeded .....
snort[6807]: PING-ICMP MISC - Large ICMP Packet  ....

Which of these should I be worried about???

I tried checking for a directory in my log section for 216.35.172.137
but there was nothing...

Thanks for any help!!!!
