[Snort-users] Error message in /var/log/messages.

Prins, J.H. J.H.Prins at ...1070...
Fri Jan 5 04:52:30 EST 2001


>> Jan  4 10:49:59 cerberus kernel: *pde = 02f96063
>> Jan  4 10:49:59 cerberus kernel: *pte = 00000000
>> Jan  4 10:49:59 cerberus kernel: Oops: 0000
>> Jan  4 10:49:59 cerberus kernel: CPU:    0
>> Jan  4 10:49:59 cerberus kernel: EIP: 0010:[lockd:__insmod_lockd_O/lib/modules/2.2.14-5.0/fs/lockd.o_M38C5B70+-36991/96]
>> Jan  4 10:49:59 cerberus kernel: EFLAGS: 00010246
>> Jan  4 10:49:59 cerberus kernel: eax: c3850e9c   ebx: c1c93cf4   ecx:


> it doesn't look like snort is the cause of death here. it looks
> like the scan crashed your nfs kernel module. Any information what
> kind of scan the guy was conducting? This looks interesting, I haven't
> seen any nfs kernel module probs reported yet :)

Here is a part of the snort_portscan.log file. I hope this helps.

Greetings,
J.H. Prins

Jan  4 10:49:38 131.155.228.92:50376 -> 213.51.157.178:6002 UDP
Jan  4 10:49:39 131.155.228.92:50376 -> 213.51.157.178:1433 UDP
Jan  4 10:49:40 131.155.228.92:50376 -> 213.51.157.178:1024 UDP
Jan  4 10:49:43 131.155.228.92:50377 -> 213.51.157.178:3130 UDP
Jan  4 10:49:44 131.155.228.92:50377 -> 213.51.157.178:6002 UDP
Jan  4 10:49:45 131.155.228.92:50377 -> 213.51.157.178:1433 UDP
Jan  4 10:49:59 131.155.228.92:1234 -> 213.51.157.178:1024 UDP
Jan  4 10:49:50 131.155.228.92:4586 -> 213.51.157.178:22 SYN **S*****
Jan  4 10:49:50 131.155.228.92:4587 -> 213.51.157.178:25 SYN **S*****
Jan  4 10:49:50 131.155.228.92:4589 -> 213.51.157.178:113 SYN **S*****
Jan  4 10:49:50 131.155.228.92:4590 -> 213.51.157.178:1024 SYN **S*****
Jan  4 10:50:05 131.155.228.92:1234 -> 213.51.157.178:1024 UDP
Jan  4 10:50:11 131.155.228.92:1234 -> 213.51.157.178:1024 UDP
Jan  4 10:50:17 131.155.228.92:1234 -> 213.51.157.178:1024 UDP
Jan  4 10:50:21 131.155.228.92:1234 -> 213.51.157.178:1024 UDP
Jan  4 10:50:22 131.155.228.92:1234 -> 213.51.157.178:1025 UDP
Jan  4 10:50:23 131.155.228.92:1234 -> 213.51.157.178:1433 UDP
Jan  4 10:50:23 131.155.228.92:1234 -> 213.51.157.178:1433 UDP
Jan  4 10:50:24 131.155.228.92:1234 -> 213.51.157.178:3128 UDP
Jan  4 10:50:26 131.155.228.92:1234 -> 213.51.157.178:3130 UDP
Jan  4 10:50:27 131.155.228.92:1234 -> 213.51.157.178:5432 UDP
Jan  4 10:50:28 131.155.228.92:1234 -> 213.51.157.178:5999 UDP
Jan  4 10:50:29 131.155.228.92:1234 -> 213.51.157.178:6000 UDP
Jan  4 10:50:29 131.155.228.92:1234 -> 213.51.157.178:6000 UDP
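
Added example, not part of the original post: a small Python parser for the snort_portscan.log layout shown above. It sorts the entries by time (they are not always written in order), lists the probes seen just before a kernel log timestamp, and summarizes probed ports per source. The sample lines are constructed with documentation addresses, and the year is an assumption because the log format does not carry one.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the snort_portscan.log layout (not the post's data).
SAMPLE_LOG = """\
Jan  4 10:49:38 192.0.2.10:50376 -> 198.51.100.5:6002 UDP
Jan  4 10:49:59 192.0.2.10:1234 -> 198.51.100.5:1024 UDP
Jan  4 10:49:50 192.0.2.10:4586 -> 198.51.100.5:22 SYN **S*****
Jan  4 10:49:50 192.0.2.10:4587 -> 198.51.100.5:25 SYN **S*****
Jan  4 10:50:05 192.0.2.10:1234 -> 198.51.100.5:1024 UDP
Jan  4 10:50:22 192.0.2.10:1234 -> 198.51.100.5:1025 UDP
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<kind>\S+)(?: (?P<flags>\S+))?$"
)

def parse_line(line, year=2001):
    """Return one log entry as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the padded day ("Jan  4")
    when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"time": when, "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "kind": m["kind"], "flags": m["flags"]}

def parse_log(text, year=2001):
    """Parse all lines, drop malformed ones, and return entries in time order."""
    events = [e for e in (parse_line(l, year) for l in text.splitlines()) if e]
    return sorted(events, key=lambda e: e["time"])

def probes_near(events, when, window_s=5):
    """Entries logged in the window_s seconds up to and including `when`."""
    lo = when - timedelta(seconds=window_s)
    return [e for e in events if lo <= e["time"] <= when]

def summarize(events):
    """Map (source address, probe type) to the sorted list of probed ports."""
    ports = defaultdict(set)
    for e in events:
        ports[(e["src"], e["kind"])].add(e["dport"])
    return {k: sorted(v) for k, v in ports.items()}
```

Passing the timestamp of the first Oops line to probes_near() narrows the scan log to the packets that arrived just before the kernel fault.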



