[Snort-users] What is this?

Palula Brasil palula at ...1836...
Thu Dec 29 17:28:19 EST 2005


I listed a lot of files within a folder that snort has automatically
generated for my own IP... The IP of my machine?!?! What the hell is going
on??? Is my machine attacking itself on a total madness rampage? Or does
this mean my machine is attacking other computers all of a sudden??? Here's
the directory list...

-rw-------  1 root root 4697 Dec 29 19:43 PROTO255
-rw-------  1 root root  352 Dec 29 12:25 TCP:1111-80
-rw-------  1 root root  353 Dec 29 17:11 TCP:1324-80
-rw-------  1 root root  354 Dec 29 17:33 TCP:1415-80
-rw-------  1 root root  345 Dec 29 17:34 TCP:1416-80
-rw-------  1 root root  359 Dec 29 18:21 TCP:1922-80
-rw-------  1 root root  361 Dec 29 18:21 TCP:1926-80
-rw-------  1 root root  361 Dec 29 18:21 TCP:1930-80
-rw-------  1 root root  353 Dec 29 19:48 TCP:2098-80
-rw-------  1 root root  303 Dec 29 21:34 TCP:2281-80
-rw-------  1 root root  303 Dec 29 21:34 TCP:2286-80
-rw-------  1 root root  303 Dec 29 21:34 TCP:2287-80
-rw-------  1 root root  303 Dec 29 21:34 TCP:2288-80
-rw-------  1 root root  353 Dec 29 21:34 TCP:2302-80
-rw-------  1 root root  345 Dec 29 21:34 TCP:2303-80

And here are some lines that appeared in the PROTO255 file:

[**] (portscan) TCP Portsweep [**]
12/29-17:35:11.542611 xxx.xxx.xxx.xxx -> 65.54.183.192
PROTO255 TTL:0 TOS:0x0 ID:2011 IpLen:20 DgmLen:159 DF
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] (portscan) Open Port [**]
12/29-17:35:11.546545 xxx.xxx.xxx.xxx -> 80.67.81.134
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:34 DF
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] (portscan) Open Port [**]
12/29-17:35:13.762729 xxx.xxx.xxx.xxx -> 207.46.216.60
PROTO255 TTL:0 TOS:0x0 ID:29885 IpLen:20 DgmLen:34
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] (portscan) Open Port [**]
12/29-17:35:13.799008 xxx.xxx.xxx.xxx -> 209.67.78.3
PROTO255 TTL:0 TOS:0x0 ID:51137 IpLen:20 DgmLen:34 DF
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Looks like my machine has gone totally mad and is portscanning machines
randomly... I don't have a clue what is going on... :-(

Somebody please help.




