[Snort-users] Portscan

Nils Fragoso nils at ...11552...
Thu Aug 25 03:18:08 EDT 2005


Hi Guys,

Do you know why, on Base (v.1.1.3), I can see portscan alerts (see below) without dest. address or port numbers, when the portscan.log file has all the information?

Base-->  [snort] spp_portscan detected from 10.1.8.23 (THRESHOLD 4 connections exceeded in 3 seconds)  2005-08-25 05:09:34  10.1.8.23  unknown  IP  

portscan.log ->  Aug 25 05:09:34 10.1.8.23:17951 -> 10.137.1.1:389 SYN ******S* 

It seems that my remote sensor is not sending all information to my master, where the database is.

Snort: v.2.4
Base: 1.1.3
MySQL: 4.1.9

Cheers

Nils
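
Added example, not part of the original post and not Snort or BASE code: a small parser that recovers the destination address and port per scanning source from portscan.log, which is the detail missing from the BASE alert row above. The line layout is inferred from the single log line quoted in the post; the optional flags field, the function names and every sample line except the first are assumptions made for this example.

```python
import re
from collections import defaultdict

# Layout inferred from the one portscan.log line quoted in the post:
#   "Aug 25 05:09:34 10.1.8.23:17951 -> 10.137.1.1:389 SYN ******S*"
# Assumption: the trailing flags field may be absent (e.g. non-TCP entries).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
    r"(?P<kind>\S+)(?: (?P<flags>\S{8}))?\s*$"
)
# Snort prints TCP flags positionally as 12UAPRSF, with '*' for an unset bit.
FLAG_NAMES = "12UAPRSF"

def parse_line(line):
    """Return a dict for one portscan.log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    raw = rec["flags"] or ""
    rec["flags"] = [n for n, c in zip(FLAG_NAMES, raw) if c != "*"]
    return rec

def summarize(lines):
    """Map each source IP to its sorted (dst, dport) targets; count bad lines."""
    targets = defaultdict(set)
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        targets[rec["src"]].add((rec["dst"], rec["dport"]))
    return {src: sorted(t) for src, t in targets.items()}, skipped

# First line is the one from the post; the rest are constructed samples.
SAMPLE = [
    "Aug 25 05:09:34 10.1.8.23:17951 -> 10.137.1.1:389 SYN ******S* ",
    "Aug 25 05:09:34 10.1.8.23:17952 -> 10.137.1.1:636 SYN ******S*",
    "Aug 25 05:09:35 10.1.8.23:17953 -> 10.137.1.2:389 SYN ******S*",
    "this line is not a portscan entry",
]

if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE)
    for src, dsts in summary.items():
        print(src, "->", ", ".join(f"{d}:{p}" for d, p in dsts))
    print("unparsed lines:", skipped)
```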
 