[Snort-users] My Machine as Source

Briggs, Bruce Bruce.Briggs at ...13183...
Thu Apr 14 06:28:08 EDT 2005


203.26.51.42 is fairfax.com.au.
Perhaps you were surfing a web site from that machine.

I have turned off  the sfportscan preprocessor as I was finding too many
false positives and no easy way to fine tune what the preprocessor
reported.

Bruce

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Mark
Sargent
Sent: Thursday, April 14, 2005 2:46 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] My Machine as Source

Hi All,

just started using Snort/Base on a test machine, although, the machine 
is part of a LAN/Internet setup. I'm using it just to learn the basics 
etc. Anyway, I see my machine, 192.168.0.12 as the source address for 
(portscan) Open Port on addresses on the net, for example, 203.26.51.42 
<http://localhost/base-1.1/base_stat_ipaddr.php?ip=203.26.51.42&netmask3
2>. 
Why is that..? More so, what is it..? False alrms, perhaps.? A zombie, 
perhaps..? Cheers.

Mark Sargent.


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list