[Snort-users] (portscan) Open Port:

Bamm Visscher bamm.visscher at ...11827...
Thu Sep 7 11:40:36 EDT 2006


That's the sfportscan preprocessor [0]

Bammkkkk

[0] http://www.snort.org/docs/snort_htmanuals/htmanual_260/node11.html#SECTION00317000000000000000



On 9/7/06, Mark Rohrbeck <mark.rohrbeck at ...11827...> wrote:
>
>
>
>
>
> Hi all,
>
>
>
> I am getting thousands of these portscans (Below are 3 examples) They are basically all from my exchange server to different IP addresses mainly on port 25 I have noticed a few of 53 too.  They are all going to addresses on the internet and I am not sure if I should be concerned or not, they are happening continuously all through the day.
>
>
>
> If I can offer any more information please let me know, I would really like to get to the bottom of this, I have googled away and find similar posts but no answers.
>
>
>
> When I click on the link to Snort it says
>
>
> GEN:SID
>
> 1:27
>
>
> Message
>
> Sorry, no such   sid-gen (1:27)
>
>
>
>
>
> Any help greatly appreciated.
> Thanks

-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net




More information about the Snort-users mailing list