[Snort-users] spp_portscan alerts

dave w capella dave.capella at ...1712...
Mon Apr 9 09:49:49 EDT 2001


On Mon, 9 Apr 2001, Jeff Haynie wrote:

>Here is a sample of the code. I have changed the IP addresses but the ports
>are the same.
>
>Apr  4 01:04:11 128.1.22.5:3372 -> 128.1.19.200:161 UDP
>Apr  4 01:04:11 128.1.22.5:3380 -> 128.1.4.209:161 UDP
>Apr  4 01:04:12 128.1.22.5:3391 -> 128.1.19.203:161 UDP
>Apr  4 01:04:13 128.1.22.5:3430 -> 128.1.19.205:161 UDP
>Apr  4 01:04:14 128.1.22.5:3468 -> 128.1.4.200:161 UDP

I've been seeing a lot of that to a HP laser. I just assumed
it was HP jetadmin looking for more printers...

...dave
-- 
dave w capella            |  http://capella.ithaca.ny.us/
Systems Administrator     |  mailto:dave.capella at ...1712...  
Department of Biometrics  |  http://www.biom.cornell.edu/
Cornell University        |  (607) 255-9847
PGP Key                   |  http://capella.ithaca.ny.us/pgpkey.txt
        It's kind of fun to do the impossible.- Disney 





More information about the Snort-users mailing list