[Snort-users] spp_portscan

niko at ...2371... niko at ...2371...
Fri Jun 22 11:17:24 EDT 2001


  Since putting this firewall up I have been receiving a barage of alerts
with the following information.  It doesn't seem to give me much to go on
and I have been unable to find any decent info about what exactly an
spp_portscan is.  Plus I find it extremely odd that there is no source or
destination info short of what shows up in the "Triggered
Signature" section of ACID.  Also, there is no payload info.  Maybe I am
missing something obvious but would greatly appreciate any light anyone
can shed on this issue. 

Thank you,

Niko

#1-(39-908)  spp_portscan: portscan status from my.dns.server.ip: 1
connections across 1 hosts: TCP(0), UDP(1) 2001-06-22 10:45:18  unknown
unknown  IP





More information about the Snort-users mailing list