[Snort-users] New to snort...what do these mean???

Michael Packer pac at ...572...
Tue Oct 10 09:35:55 EDT 2000


I've got snort running and am getting all kinds of messages...is there
a place to go find out what things mean?

how about how do i block some of these?  I would have thought some of
these were blocked by ipchains.

here are some messages I'm getting:

snort[6807]: spp_portscan: PORTSCAN DETECTED from
snort[6807]: spp_portscan: portscan status from 1 connections
across 1 hosts: TCP(1), UDP(0) STEALTH
snort[6807]: spp_portscan: End of portscan from

snort[6807]: PING-ICMP Destination Unreachable:
snort[6807]: PING-ICMP Time Exceeded .....
snort[6807]: PING-ICMP MISC - Large ICMP Packet  ....

which of these should i be worried about???

i tried checking for a directory in my log section for
but there was nothing...

thanks for any help!!!!

FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com

More information about the Snort-users mailing list