[Snort-users] spp_portscan alerts

JB Lallement jean-baptiste.lallement at ...1699...
Mon Apr 9 10:58:04 EDT 2001


At 09/04/2001 15:49, dave w capella wrote:
>On Mon, 9 Apr 2001, Jeff Haynie wrote:
>
> >Here is a sample of the code. I have changed the IP addresses but the ports
> >are the same.
> >
> >Apr  4 01:04:11 128.1.22.5:3372 -> 128.1.19.200:161 UDP
> >Apr  4 01:04:11 128.1.22.5:3380 -> 128.1.4.209:161 UDP
> >Apr  4 01:04:12 128.1.22.5:3391 -> 128.1.19.203:161 UDP
> >Apr  4 01:04:13 128.1.22.5:3430 -> 128.1.19.205:161 UDP
> >Apr  4 01:04:14 128.1.22.5:3468 -> 128.1.4.200:161 UDP
>
>I've been seeing a lot of that to a HP laser. I just assumed
>it was HP jetadmin looking for more printers...

Yes, jetadmin, HPToptools and all that stuff that probes for snmp devices.



>...dave
>--
>dave w capella            |  http://capella.ithaca.ny.us/
>Systems Administrator     |  mailto:dave.capella at ...1712...
>Department of Biometrics  |  http://www.biom.cornell.edu/
>Cornell University        |  (607) 255-9847
>PGP Key                   |  http://capella.ithaca.ny.us/pgpkey.txt
>         It's kind of fun to do the impossible.- Disney
>
>
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>http://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users

  ______________________________________________
|_  | Jean-Baptiste LALLEMENT
  / /  ZENI CORPORATION          http://zeni.fr
|___| Tél: 0.803.003.111   Fax: 03.44.57.35.55





More information about the Snort-users mailing list