[Snort-users] Portscan 2 question

Gary Verhulp garyv at ...7238...
Thu Oct 24 11:36:05 EDT 2002


On most Unix that I'm familiar with, it's "last", not "lasts".
What OS are you on?
What are the ports used in the scan?
Can you post a section of the alert?

Gary



Joe Giles wrote:
> Well, I'm not RUNNING a DNS server, but I use one. My ISP's DNS...
> Should I add that to the list? 
> 
> Also, I don't seem to have the 'lasts' command. What package is that
> part of?
> 
> Thanks for the reply
> 
> Joe
> 
> On Thu, 2002-10-24 at 12:03, Robby Desmond wrote:
> 
>>At 11:22 AM 10/24/02 -0600, you wrote:
>>
>>>I have a weird problem with 2 entries in my ACID database. Apparently,
>>>my server did a port scan on a remote machine. The problem is that no
>>>one here initiated a port scan. The database lists my server IP as the
>>>source and lists a dest IP. This is listed as a spp_portscan2. Does the
>>>new snort scan other machines on the Internet? I don't want any issues
>>>with other services because they think I'm port scanning their network.
>>>
>>>Thanks
>>>
>>>Joe
>>
>>Are you, by chance, running DNS?
>>
>>You should add your DNS servers to the list of portscan2-ignorehosts, 
>>otherwise you will get this sort of activity.
>>
>>If you are not running DNS, then check the "lasts" command to see who has 
>>been on your system. (Or who has been appearing as someone on your system.)
>>
>>-Robby
>>
>>Robert Desmond
>>Systems Administrator
>>UCSB Extended Learning Services
>>805-893-4906