[Snort-users] DNS portscans

Bob Van Cleef vancleef at ...211...
Wed Mar 14 12:50:36 EST 2001


The below scans have been showing up a lot lately as use of our VPN
network grows.  The logs make it look like our DNS server / Web server is
scanning our VPN network.

Bob
-*> Snort! <*-
Version 1.7

Mar 13 13:49:44 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:2267 UDP
Mar 13 13:49:44 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:2270 UDP
Mar 13 13:49:45 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:2274 UDP
Mar 13 13:49:45 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:2277 UDP
Mar 13 13:49:52 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:2281 UDP
Mar 13 15:43:15 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3402 UDP
Mar 13 15:43:16 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3405 UDP
Mar 13 15:43:16 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3408 UDP
Mar 13 15:43:16 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3410 UDP
Mar 13 16:45:28 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3140 UDP
Mar 13 16:45:28 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3142 UDP
Mar 13 16:45:29 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3146 UDP
Mar 13 16:45:29 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3149 UDP
Mar 13 16:45:29 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3152 UDP






More information about the Snort-users mailing list