[Snort-users] New to snort...what do these mean???

Ralf Hildebrandt Ralf.Hildebrandt at ...22...
Tue Oct 10 13:04:05 EDT 2000

On Tue, Oct 10, 2000 at 09:35:55AM -0400, Michael Packer wrote:

> snort[6807]: spp_portscan: PORTSCAN DETECTED from
> snort[6807]: spp_portscan: portscan status from 1 connections
> across 1 hosts: TCP(1), UDP(0) STEALTH

A single SYN packet from triggered the portscan preprocessor.

> snort[6807]: PING-ICMP Destination Unreachable:
> snort[6807]: PING-ICMP Time Exceeded .....
> snort[6807]: PING-ICMP MISC - Large ICMP Packet  ....
> which of these should i be worried about???

The portscan.

> i tried checking for a directory in my log section for
> but there was nothing...

Depends on how your snort logs! If it logs in binary format, you'll have to
process the binary log in order to get cleartext.

ralf.hildebrandt at ...22...
Dipl.-Informatiker                                       innominate AG
system engineer                                      networking people
tel: +49.30.308806-62  fax: -77   http://innominate.de  pgp at request
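
The spp_portscan status lines quoted in the message above carry connection, host and protocol counts, so they can be totalled per source to see how much traffic is behind each alert. The following is an added example, not part of the original post or of Snort itself; the sample lines are constructed, the addresses are placeholders, and the "from <address>:" layout is an assumption because the archive elides the address.

```python
import re
from collections import defaultdict

# Constructed syslog lines. Addresses are documentation-range placeholders and
# the "from <address>:" layout is an assumption (the archive elides it).
SAMPLE = """\
Oct 10 09:12:05 ids snort[6807]: spp_portscan: portscan status from 192.0.2.10: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH
Oct 10 09:20:15 ids snort[6807]: spp_portscan: portscan status from 198.51.100.7: 212 connections across 3 hosts: TCP(212), UDP(0)
Oct 10 09:20:19 ids snort[6807]: spp_portscan: portscan status from 198.51.100.7: 95 connections across 2 hosts: TCP(90), UDP(5)
Oct 10 09:21:00 ids snort[6807]: PING-ICMP Time Exceeded
"""

STATUS = re.compile(
    r"spp_portscan: portscan status from (?P<src>\S+?):? "
    r"(?P<conn>\d+) connections across (?P<hosts>\d+) hosts: "
    r"TCP\((?P<tcp>\d+)\), UDP\((?P<udp>\d+)\)(?P<stealth> STEALTH)?"
)

def summarize(lines):
    """Total the spp_portscan status reports per source address."""
    totals = defaultdict(lambda: {"reports": 0, "connections": 0, "hosts": 0,
                                  "tcp": 0, "udp": 0, "stealth": False})
    for line in lines:
        m = STATUS.search(line)
        if not m:
            continue  # ICMP and other alerts are not portscan status lines
        t = totals[m["src"]]
        t["reports"] += 1
        t["connections"] += int(m["conn"])
        t["hosts"] = max(t["hosts"], int(m["hosts"]))  # widest spread seen
        t["tcp"] += int(m["tcp"])
        t["udp"] += int(m["udp"])
        t["stealth"] = t["stealth"] or m["stealth"] is not None
    return dict(totals)

def single_probe_sources(totals):
    """Sources whose whole record is one connection to one host."""
    return sorted(s for s, t in totals.items()
                  if t["connections"] == 1 and t["hosts"] == 1)

if __name__ == "__main__":
    totals = summarize(SAMPLE.splitlines())
    for src, t in sorted(totals.items(), key=lambda kv: -kv[1]["connections"]):
        flag = " STEALTH" if t["stealth"] else ""
        print(f"{src}: {t['connections']} conns, {t['hosts']} hosts, "
              f"TCP {t['tcp']}, UDP {t['udp']}{flag}")
    print("single-probe sources:", single_probe_sources(totals))
```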