[Snort-users] Portscan from own interface

Midnight shadow p.selder at ...2006...
Wed May 16 06:43:11 EDT 2001


On Wednesday 16 May 2001 07:37, Subba Rao wrote:

>
> I am seeing similar messages in my snort logs. I hope it is only spoofing
> and not that my machine has been compromised.

I found out what was the cause with my machine.
When someone made a connection thru the firewall to surf the web these 
messages were generated because I removed a few ports from the pre-prosessor. 
I removed port 80 and 443 for instance.
Now I added them back and the logs are quit now. (except for a real portscan)

Hope this helps

> [**] spp_portscan: portscan status from x.x.x.x: 1 connections across 1
> hosts: TCP(1), UDP(0) [**] 05/16-05:19:37.397711
>

Patrick

-- 
 ZZzz   |\      _,,,---,,_
        /,`.-'`'                  -.  ;-;;,_
       |,4-  ) )-,_..;\ (  `'-'
      '---''(_/--'  `-'\_)





More information about the Snort-users mailing list