[Snort-users] New to snort. Does this look normal.

Dickson, Paul pdickson at ...13910...
Fri Aug 25 15:09:44 EDT 2006


 

This is coming from my own system.  I understand the opening of port 80,
but why the ping sweep?  That is CNET.

 

 #1-(1-671)
<http://10.12.3.172/base/base_qry_alert.php?submit=%231-%281-671%29&sort
_order=time_d>  [snort <http://www.snort.org/pub-bin/sigs.cgi?sid=122:3>
] (portscan) TCP Portsweep 2006-08-25 13:23:06 10.12.3.124
<http://10.12.3.172/base/base_stat_ipaddr.php?ip=10.12.3.124&netmask=32>
216.239.122.100
<http://10.12.3.172/base/base_stat_ipaddr.php?ip=216.239.122.100&netmask
32>  Raw IP  

#2-(1-672)
<http://10.12.3.172/base/base_qry_alert.php?submit=%232-%281-672%29&sort
_order=time_d>  [snort
<http://www.snort.org/pub-bin/sigs.cgi?sid=122:27> ] (portscan) Open
Port: 80
2006-08-25 13:23:06 10.12.3.124
<http://10.12.3.172/base/base_stat_ipaddr.php?ip=10.12.3.124&netmask=32>
216.239.122.100
<http://10.12.3.172/base/base_stat_ipaddr.php?ip=216.239.122.100&netmask
32>  Raw IP

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060825/c9e852e0/attachment.html>


More information about the Snort-users mailing list