[Snort-users] My Machine as Source
Bruce.Briggs at ...13183...
Thu Apr 14 06:28:08 EDT 2005
220.127.116.11 is fairfax.com.au.
Perhaps you were surfing a web site from that machine.
I have turned off the sfportscan preprocessor as I was finding too many
false positives and no easy way to fine tune what the preprocessor
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Mark
Sent: Thursday, April 14, 2005 2:46 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] My Machine as Source
just started using Snort/Base on a test machine, although, the machine
is part of a LAN/Internet setup. I'm using it just to learn the basics
etc. Anyway, I see my machine, 192.168.0.12 as the source address for
(portscan) Open Port on addresses on the net, for example, 18.104.22.168
Why is that..? More so, what is it..? False alrms, perhaps.? A zombie,
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users