[Snort-users] portscan

Rich Adamson radamson at ...2127...
Wed Oct 10 08:14:05 EDT 2001


The portscan pattern that you're seeing is likely coming from an internal
Windows box (netbeui noise) and/or DNS.

> alexus wrote:
> 
> > my snort detects way too much of so called "portscan" even from my very own
> > ip
> >
> > Oct 10 00:51:07 box snort[605]: spp_portscan: portscan status from
> > 66.92.98.145: 6 connections across 6 hosts: TCP(0), UDP(6)
> > Oct 10 00:51:07 box /kernel: Oct 10 00:51:07 box snort[605]: spp_portscan:
> > portscan status from 66.92.98.145: 6 connections across 6 hosts: TCP(0),
> > UDP(6)
> > Oct 10 00:52:01 box snort[605]: spp_portscan: portscan status from
> > 66.92.98.145: 2 connections across 2 hosts: TCP(0), UDP(2)
> >
> > i assume that this is missconfiguration of some kind.. i do not portscan
> > myself..
> >
> > any ideas?
> >
> > thank you in advance





More information about the Snort-users mailing list