[Snort-users] spp_portscan alerts

Martin Roesch roesch at ...421...
Fri Apr 6 23:44:54 EDT 2001


What are the alerts you're getting (which type of portscan are you
seeing) and what are the contents of your portscan.log file?

     -Marty

Jeff Haynie wrote:
> 
> Hello all,
> 
> I am receiving spp_portscans from an internal NT machine on our
> network.  It is not continuous but happens severl times during the day.
> I have searched using google and found several references but nothing
> that deals with NT.  I do know that NT is quite chatty and likes to
> converse with other NT machines, maybe this is the situation?  Maybe my
> Snortbox is picking up the broadcasts?  Ideas, solutions or suggestions
> would be greatly appreciated.
> 
> Jeff Haynie
> CNA, MCSE, SANS Level One GIAC, Chef, Bottlewasher, Golf pro, Swine
> jockey, Squirrel trainer, Brain surgeon
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list