[Snort-users] Portscans using spp_portscan

Shane Machon shane at ...2397...
Tue Oct 16 20:55:14 EDT 2001


Greetings,

I am seeing constant portscans from my local ip address when running the
stream4 detect portscans plugin. 

spp_portscan: PORTSCAN DETECTED from (My Local IP)
spp_portscan: portscan status from (My Local IP): 1 connections across 1
hosts: TCP(1), UDP(0)
spp_portscan: portscan status from (My Local IP): 2 connections across 2
hosts: TCP(1), UDP(1)
spp_portscan: portscan status from (My Local IP): 1 connections across 1
hosts: TCP(1), UDP(0)
...........................

How is this possible? Nobody is running a portscanner of any type from
this machine, the system is not running dns or web traffic (only smtp).

Am i missing something simple? Should I be worried?

Using Redhat 7.0 Snort 1.8.1 RPM Package (no DB Support)

Any help appreciated.

Cheers,
Shane.




More information about the Snort-users mailing list