[Snort-users] Portscan 2 question

Joe Giles jgiles at ...6534...
Thu Oct 24 10:55:02 EDT 2002

Wheew... I though I was hacked or something. I thought some one was
using my server as a proxy to scan other networks :-P

I'm not sure how to alleviate this problem, but maybe the Snort guru's
can figure it out :)



On Thu, 2002-10-24 at 11:46, Hicks, John wrote:
> I'm noticing the same thing after instaling 1.9 on a Web Server. It seems to
> detect my $HOME_NET address replying to multiple web requests on various
> ephemeral ports as a portscan. any thoughts on how to control this? I tried
> the ignorehosts to no avail :(
> John
> -----Original Message-----
> From: Joe Giles [mailto:jgiles at ...6534...]
> Sent: Thursday, October 24, 2002 1:23 PM
> To: Snort-List
> Subject: [Snort-users] Portscan 2 question
> I have a weird problem with 2 entries in my ACID database. Apparently,
> my server did a port scan on a remote machine. The problem is that no
> one here initiated a port scan. The database lists my server IP as the
> source and lists a dest IP. This is listed as a spp_portscan2. Does the
> new snort scan other machines on the Internet? I don't want any issues
> with other services because they think I'm port scanning their network.
> Thanks
> Joe
> -------------------------------------------------------
> This sf.net email is sponsored by: Influence the future 
> of Java(TM) technology. Join the Java Community 
> Process(SM) (JCP(SM)) program now. 
> http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list