[Snort-users] My Machine as Source

Briggs, Bruce Bruce.Briggs at ...13183...
Thu Apr 14 06:28:08 EDT 2005 is fairfax.com.au.
Perhaps you were surfing a web site from that machine.

I have turned off  the sfportscan preprocessor as I was finding too many
false positives and no easy way to fine tune what the preprocessor


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Mark
Sent: Thursday, April 14, 2005 2:46 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] My Machine as Source

Hi All,

just started using Snort/Base on a test machine, although, the machine 
is part of a LAN/Internet setup. I'm using it just to learn the basics 
etc. Anyway, I see my machine, as the source address for 
(portscan) Open Port on addresses on the net, for example, 
Why is that..? More so, what is it..? False alrms, perhaps.? A zombie, 
perhaps..? Cheers.

Mark Sargent.

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list