[Snort-users] Is this really a bogus portscan report?

Bob Van Cleef vancleef at ...211...
Mon May 7 11:35:49 EDT 2001


Is there some "sensitivity" tuning that needs to be done to
snort?  Was that portscan bogus? 192.86.6.214 was a test
system that was only up for about one hour. (Actually a
netscreen firewall box with an old windows laptop behind it.)

Snort itself did not log anything from either IP address.

Bob

---------- Forwarded message ----------
Date: Mon, 7 May 2001 07:10:21 -0700
From: Abuse-Team <abuse-team at ...1990...>
To: "'vancleef at ...211...'" <vancleef at ...211...>
Subject: Re: FW: Portscan from your name server!!!

Thank you for your report.  This IP address is a machine that is a part of
network routing.  This machine is secure and does not perform portscans, the
traffic you saw is part of standard network traffic.  If your firewall
software is reporting this as a portscan, system probe, or hack attempt, you
may wish to check the settings of your firewall, as many have 'maximum'
settings which will report any and all network traffic, including standard
traffic such as this, as an attack.


Thank you,

The @Home Network Policy Management Team


-----Original Message-----
From: Bob Van Cleef [mailto:vancleef at ...211...]
Sent: Friday, May 04, 2001 10:53 AM
To: abuse at ...530...
Subject: Portscan from your name server!!!



Why did your nameserver scan one of my test systems?
Did you swallow a virus?

24.1.4.12 - proxy1.stcla1.sfba.home.com

Bob
--
><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>
Bob Van Cleef, Member of Technical Staff         (408) 734-8100
MicroUnity Systems Engineering, Inc.         FAX (408) 734-8136
376 Martin Ave., Santa Clara, CA 95050  vancleef at ...211...

May  3 14:52:31 24.1.4.12:53 -> 192.86.6.214:2371 UDP
May  3 14:52:31 24.1.4.12:53 -> 192.86.6.214:2374 UDP
May  3 14:52:32 24.1.4.12:53 -> 192.86.6.214:2377 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2381 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2383 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2385 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2387 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2389 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2391 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2393 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2395 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2397 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2399 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2401 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2403 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2405 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2408 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2410 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2412 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2414 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2416 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2418 UDP
May  3 14:52:33 24.1.4.12:53 -> 192.86.6.214:2420 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2422 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2424 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2426 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2428 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2430 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2432 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2434 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2436 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2438 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2440 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2442 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2444 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2446 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2448 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2450 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2452 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2454 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2456 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2458 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2460 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2462 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2464 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2466 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2468 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2470 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2472 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2474 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2476 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2478 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2480 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2482 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2484 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2486 UDP
May  3 14:52:34 24.1.4.12:53 -> 192.86.6.214:2488 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2490 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2492 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2494 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2496 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2498 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2500 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2502 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2504 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2506 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2508 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2510 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2512 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2514 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2516 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2518 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2520 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2522 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2524 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2526 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2528 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2530 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2532 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2534 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2536 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2538 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2540 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2542 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2544 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2546 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2548 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2550 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2552 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2554 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2556 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2558 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2560 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2562 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2564 UDP
May  3 14:52:35 24.1.4.12:53 -> 192.86.6.214:2566 UDP
May  3 14:52:36 24.1.4.12:53 -> 192.86.6.214:2568 UDP
May  3 14:52:36 24.1.4.12:53 -> 192.86.6.214:2570 UDP
May  3 14:52:36 24.1.4.12:53 -> 192.86.6.214:2572 UDP
May  3 14:52:36 24.1.4.12:53 -> 192.86.6.214:2574 UDP
May  3 14:52:36 24.1.4.12:53 -> 192.86.6.214:2576 UDP
May  3 14:52:36 24.1.4.12:53 -> 192.86.6.214:2578 UDP
May  3 14:52:36 24.1.4.12:53 -> 192.86.6.214:2580 UDP
May  3 14:53:42 24.1.4.12:53 -> 192.86.6.214:2582 UDP
May  3 14:53:42 24.1.4.12:53 -> 192.86.6.214:2584 UDP
May  3 14:53:43 24.1.4.12:53 -> 192.86.6.214:2586 UDP
May  3 14:53:43 24.1.4.12:53 -> 192.86.6.214:2588 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2590 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2592 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2594 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2596 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2598 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2600 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2602 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2604 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2606 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2608 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2610 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2612 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2614 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2616 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2618 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2620 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2622 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2624 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2626 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2628 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2630 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2632 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2634 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2636 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2638 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2640 UDP
May  3 14:53:44 24.1.4.12:53 -> 192.86.6.214:2642 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2644 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2646 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2648 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2650 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2652 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2654 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2656 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2658 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2660 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2664 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2666 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2668 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2670 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2672 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2674 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2676 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2678 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2680 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2682 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2684 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2686 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2688 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2690 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2692 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2694 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2696 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2698 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2700 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2702 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2704 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2706 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2708 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2710 UDP
May  3 14:53:45 24.1.4.12:53 -> 192.86.6.214:2712 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2714 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2717 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2719 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2721 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2723 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2725 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2727 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2729 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2731 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2733 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2735 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2737 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2739 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2741 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2743 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2745 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2747 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2749 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2751 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2753 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214::2755 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2757 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2759 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2761 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2763 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2765 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2767 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2769 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2771 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2773 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2775 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2777 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2779 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2781 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2783 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2785 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2787 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214:2789 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2791 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2794 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2796 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2798 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2800 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2802 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2804 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2806 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2808 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2810 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2812 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2814 UDP
May  3 14:53:47 24.1.4.12:53 -> 192.86.6.214:2816 UDP
May  3 14:53:48 24.1.4.12:53 -> 192.86.6.214:33792 UDP
May  3 14:54:11 24.1.4.12:53 -> 192.86.6.214:2829 UDP
May  3 14:54:11 24.1.4.12:53 -> 192.86.6.214:2662 UDP
May  3 14:54:12 24.1.4.12:53 -> 192.86.6.214:2834 UDP
May  3 14:54:12 24.1.4.12:53 -> 192.86.6.214:2836 UDP
May  3 14:54:12 24.1.4.12:53 -> 192.86.6.214:2838 UDP
May  3 14:54:12 24.1.4.12:53 -> 192.86.6.214:2840 UDP
May  3 14:54:12 24.1.4.12:53 -> 192.86.6.214:2842 UDP
May  3 14:54:12 24.1.4.12:53 -> 192.86.6.214:2844 UDP
May  3 14:54:13 24.1.4.12:53 -> 192.86.6.214:2847 UDP
May  3 14:54:13 24.1.4.12:53 -> 192.86.6.214:2849 UDP
May  3 14:54:13 24.1.4.12:53 -> 192.86.6.214:2851 UDP
May  3 14:54:13 24.1.4.12:53 -> 192.86.6.214:2853 UDP
May  3 14:54:13 24.1.4.12:53 -> 192.86.6.214:2855 UDP
May  3 14:54:13 24.1.4.12:53 -> 192.86.6.214:2857 UDP
May  3 14:54:13 24.1.4.12:53 -> 192.86.6.214:2859 UDP
May  3 14:54:13 24.1.4.12:53 -> 192.86.6.214:2861 UDP
May  3 15:25:35 24.1.4.12:53 -> 192.86.6.214:2414 UDP
May  3 15:25:35 24.1.4.12:53 -> 192.86.6.214:2422 UDP
May  3 15:25:36 24.1.4.12:53 -> 192.86.6.214:2430 UDP
May  3 15:25:36 24.1.4.12:53 -> 192.86.6.214:2448 UDP
May  3 15:25:38 24.1.4.12:53 -> 192.86.6.214:2562 UDP
May  3 15:25:39 24.1.4.12:53 -> 192.86.6.214:2511 UDP
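
Added example, not part of the original post and not Snort code: a small triage pass over log lines in the format above. It separates alerts in which every packet leaves one well-known service port (here UDP 53) for high client ports, the shape DNS replies have, from alerts that touch many ports from varying source ports. The 198.51.100.7 lines, the thresholds and the names `triage`, `SERVICE_PORTS`, `EPHEMERAL_MIN` and `SCAN_THRESHOLD` are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: the first three lines follow the log above; the
# 198.51.100.7 lines are invented for contrast (documentation addresses).
SAMPLE = """\
May  3 14:52:31 24.1.4.12:53 -> 192.86.6.214:2371 UDP
May  3 14:52:31 24.1.4.12:53 -> 192.86.6.214:2374 UDP
May  3 14:53:46 24.1.4.12:53 -> 192.86.6.214::2755 UDP
May  3 15:01:02 198.51.100.7:40112 -> 192.0.2.10:21 UDP
May  3 15:01:02 198.51.100.7:40113 -> 192.0.2.10:69 UDP
May  3 15:01:02 198.51.100.7:40114 -> 192.0.2.10:111 UDP
May  3 15:01:03 198.51.100.7:40115 -> 192.0.2.10:161 UDP
"""

# ":{1,2}" tolerates the doubled colon seen in one line of the log.
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} ([\d.]+):(\d+) -> ([\d.]+):{1,2}(\d+) (\w+)\s*$")

SERVICE_PORTS = {53: "dns"}   # assumption: UDP services to recognise
EPHEMERAL_MIN = 1024          # assumption: client ports sit at or above this
SCAN_THRESHOLD = 4            # assumption: distinct ports before "scan"

def triage(log_text):
    """Return ({(src, dst, proto): verdict}, count of unparsed lines)."""
    flows = defaultdict(lambda: {"sports": set(), "dports": set()})
    skipped = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            skipped += bool(raw.strip())
            continue
        src, sport, dst, dport, proto = m.groups()
        flows[(src, dst, proto)]["sports"].add(int(sport))
        flows[(src, dst, proto)]["dports"].add(int(dport))
    verdicts = {}
    for key, f in flows.items():
        sp = next(iter(f["sports"])) if len(f["sports"]) == 1 else None
        if (key[2] == "UDP" and sp in SERVICE_PORTS
                and min(f["dports"]) >= EPHEMERAL_MIN):
            verdicts[key] = "likely %s replies" % SERVICE_PORTS[sp]
        elif len(f["dports"]) >= SCAN_THRESHOLD:
            verdicts[key] = "possible scan"
        else:
            verdicts[key] = "below threshold"
    return verdicts, skipped

if __name__ == "__main__":
    for key, verdict in triage(SAMPLE)[0].items():
        print(key, "->", verdict)
```

A fixed source port of 53 is only a triage hint: confirming it needs evidence that the destination host actually sent queries to that server in the same time window.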








