[Snort-users] New to snort...what do these mean???

Michael Packer pac at ...572...
Tue Oct 10 16:53:45 EDT 2000


On Tue, Oct 10, 2000 at 09:35:55AM -0400, Michael Packer wrote:

>> snort[6807]: spp_portscan: PORTSCAN DETECTED from 216.35.172.137
>> snort[6807]: spp_portscan: portscan status from 216.35.172.137: 1

>> connections
>> across 1 hosts: TCP(1), UDP(0) STEALTH

> A single syn packet from 216.35.172.137 triggered the portscan 
> preprocessor

>> snort[6807]: PING-ICMP Destination Unreachable: 203.200.47.173
>> snort[6807]: PING-ICMP Time Exceeded .....
>> snort[6807]: PING-ICMP MISC - Large ICMP Packet  ....
> 
>> which of these should i be worried about???

how do i block these portscans? how can i tell which port they are scanning

__________________________________________________
FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com




More information about the Snort-users mailing list