[Snort-users] portscan log...

Demetri Mouratis dmourati at ...3877...
Thu Jan 31 06:50:13 EST 2002


The SYN is the type of packet that's being sent, in this case a request to
open a TCP connection.

The *'s indicate that the corresponding bit (FIN,ACK ...) is not set.

In short, this is your standard TCP portscan.

On Thu, 31 Jan 2002, Edwin Pua wrote:

> Hi,
>
> I saw this message under my portscan.log file and I know that this
> source IP 137.132.83.218 is scanning my IP 211.156.185.143, but what does
> SYN*****S* mean?
>
>
> Jan 29 18:52:34 137.132.83.218:1999 -> 211.156.185.143:3372 SYN ******S*
> Jan 29 18:52:34 137.132.83.218:2000 -> 211.156.185.143:3373 SYN ******S*
> Jan 29 18:52:35 137.132.83.218:2003 -> 211.156.185.143:3376 SYN ******S*
> Jan 29 18:52:36 137.132.83.218:2004 -> 211.166.185.143:3377 SYN ******S*
> Jan 29 18:52:36 137.132.83.218:2005 -> 211.166.185.143:3378 SYN ******S*
> Jan 29 18:52:37 137.132.83.218:2006 -> 211.166.185.143:3379 SYN ******S*
> Jan 29 18:52:37 137.132.83.218:2007 -> 211.166.185.143:3380 SYN ******S*
> Jan 29 18:52:38 137.132.83.218:2008 -> 211.166.185.143:3381 SYN ******S*
> Jan 29 18:52:38 137.132.83.218:2010 -> 211.166.185.143:3383 SYN ******S*
> Jan 29 18:52:39 137.132.83.218:2011 -> 211.166.185.143:3384 SYN ******S*
> Jan 29 18:52:39 137.132.83.218:2012 -> 211.166.185.143:3385 SYN ******S*
> Jan 29 18:52:40 137.132.83.218:2014 -> 211.166.185.143:3387 SYN ******S*
>
> rgds,
> edwin

---------------------------------------------------------------------
Demetri Mouratis
dmourati at ...3878...
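
The following is an added example, not part of the original thread or of Snort itself: a small Python parser for portscan.log lines in the format quoted above, which decodes the flag column and summarises what each source probed. The column order (two reserved bits, then URG, ACK, PSH, RST, SYN, FIN) is assumed from Snort's `12UAPRSF` display order, the function names are hypothetical, and the sample input is constructed from four of the quoted lines plus one malformed line.

```python
import re
from collections import defaultdict

# Assumed column order of the 8-character flag field ('*' = bit not set).
FLAG_NAMES = ["RES1", "RES2", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<kind>\S+)(?: (?P<flags>\S{8}))?\s*$"  # flag column is optional
)

# Constructed sample: four lines from the quoted log and one malformed line.
SAMPLE = """\
Jan 29 18:52:34 137.132.83.218:1999 -> 211.156.185.143:3372 SYN ******S*
Jan 29 18:52:34 137.132.83.218:2000 -> 211.156.185.143:3373 SYN ******S*
Jan 29 18:52:36 137.132.83.218:2004 -> 211.166.185.143:3377 SYN ******S*
Jan 29 18:52:36 137.132.83.218:2005 -> 211.166.185.143:3378 SYN ******S*
this line is not a portscan record
"""

def decode_flags(field):
    """Return the names of the flag bits set in an 8-character flag field."""
    if len(field) != 8:
        raise ValueError("flag field must be exactly 8 characters")
    return [name for name, ch in zip(FLAG_NAMES, field) if ch != "*"]

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    rec["flags"] = decode_flags(rec["flags"]) if rec["flags"] else []
    return rec

def summarise(text):
    """Per source IP: destinations, ports and flag sets seen; plus skipped-line count."""
    summary = defaultdict(lambda: {"dsts": set(), "ports": set(), "flagsets": set()})
    skipped = 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unparseable lines instead of dropping them silently
            continue
        entry = summary[rec["src"]]
        entry["dsts"].add(rec["dst"])
        entry["ports"].add(rec["dport"])
        entry["flagsets"].add(tuple(rec["flags"]))
    return dict(summary), skipped
```

A single source whose only flag set is `("SYN",)` across many sequential destination ports matches the plain SYN scan described in the reply; the summary also makes it visible when one source touches more than one destination address.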




