[Snort-users] "portscans" that only hit one host, one time?

McCammon, Keith Keith.McCammon at ...3497...
Fri Aug 9 10:51:03 EDT 2002

[WARNING: Slightly off-topic]

> Aug  9 11:48:39 -> xxx.yyy.zzz.66:443 

I don't know much about spp_portscan internals, so I'm not sure why this was logged.  However, I'd sure as hell qualify this as a portscan.  This packet is definitely crafted to bypass a filter or elicit a response for fingerprinting or the like.   
