[Snort-users] Interesting entries in BASE

CasperLinux CasperLinux at ...5068...
Sun Feb 26 15:12:04 EST 2006


This evening I'm evaluating the success of my newly created .htaccess file and 
found that I have several portscan entries originating from within my 
network.  Destination is both inside and outside my local LAN.  Below is the 
payload from one of these events.  Does anyone have any input as to what may 
be causing this? I am NOT running any portscan program that I am aware of.

length = 140

000 : 50 72 69 6F 72 69 74 79 20 43 6F 75 6E 74 3A 20   Priority Count: 
010 : 39 0A 43 6F 6E 6E 65 63 74 69 6F 6E 20 43 6F 75   9.Connection Cou
020 : 6E 74 3A 20 35 0A 49 50 20 43 6F 75 6E 74 3A 20   nt: 5.IP Count: 
030 : 35 0A 53 63 61 6E 6E 65 64 20 49 50 20 52 61 6E   5.Scanned IP Ran
040 : 67 65 3A 20 31 39 32 2E 31 36 38 2E 30 2E 34 32   ge: 192.168.0.42
050 : 3A 36 34 2E 31 35 34 2E 38 30 2E 32 35 34 0A 50   :64.154.80.254.P
060 : 6F 72 74 2F 50 72 6F 74 6F 20 43 6F 75 6E 74 3A   ort/Proto Count:
070 : 20 35 0A 50 6F 72 74 2F 50 72 6F 74 6F 20 52 61    5.Port/Proto Ra
080 : 6E 67 65 3A 20 32 31 3A 34 34 33 0A               		nge: 21:443.

Don
-- 
- Powered by Debian Linux - 




More information about the Snort-users mailing list