[Snort-users] New to snort...what do these mean???
pac at ...572...
Tue Oct 10 09:35:55 EDT 2000
I've got snort running and am getting all kinds of messages...is there
a place to go find out what things mean?
how about how do i block some of these? I would have thought some of
these were blocked by ipchains.
here are some messages I'm getting:
snort: spp_portscan: PORTSCAN DETECTED from 184.108.40.206
snort: spp_portscan: portscan status from 220.127.116.11: 1 connections
across 1 hosts: TCP(1), UDP(0) STEALTH
snort: spp_portscan: End of portscan from 18.104.22.168
snort: PING-ICMP Destination Unreachable: 22.214.171.124
snort: PING-ICMP Time Exceeded .....
snort: PING-ICMP MISC - Large ICMP Packet ....
which of these should i be worried about???
i tried checking for a directory in my log section for 126.96.36.199
but there was nothing...
thanks for any help!!!!
FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com
More information about the Snort-users