[Snort-users] Portscan from own interface
p.selder at ...2006...
Wed May 16 06:43:11 EDT 2001
On Wednesday 16 May 2001 07:37, Subba Rao wrote:
> I am seeing similar messages in my snort logs. I hope it is only spoofing
> and not that my machine has been compromised.
I found out what the cause was with my machine.
When someone made a connection through the firewall to surf the web, these
messages were generated because I had removed a few ports from the preprocessor.
I had removed ports 80 and 443, for instance.
Now I have added them back and the logs are quiet now (except for a real portscan).
Hope this helps
> [**] spp_portscan: portscan status from x.x.x.x: 1 connections across 1
> hosts: TCP(1), UDP(0) [**] 05/16-05:19:37.397711