[Snort-users] snort detects portscan?

alexus ml at ...1718...
Tue Jun 19 19:10:07 EDT 2001


un 19 19:05:26 box snort: spp_portscan: portscan status from 216.27.143.184:
2 connections across 1 hosts: TCP(1), UDP(1) STEALTH
Jun 19 19:05:26 box /kernel: Jun 19 19:05:26 box snort: spp_portscan:
portscan status from 216.27.143.184: 2 connections across 1 hosts: TCP(1),
UDP(1) STEALTH
Jun 19 19:05:30 box snort: spp_portscan: End of portscan from
216.27.143.184: TOTAL time(1s) hosts(1) TCP(1) UDP(1) STEALTH
Jun 19 19:05:30 box /kernel: Jun 19 19:05:30 box snort: spp_portscan: End of
portscan from 216.27.143.184: TOTAL time(1s) hosts(1) TCP(1) UDP(1) STEALTH

i'm geting this in my syslog like every other 10 minutes.. i know that ip is
not portscaning me 'cause i wouldn't portscan myself:)

any ideas what could cause that?

as far as i can tell i do have a bit of communication between my box and
that pc .. that's dns .. but then again why is it doing every 10 minutes?
and in snort.conf i put into var DNS_SERVERS i put this ip..





More information about the Snort-users mailing list