No subject


Thu Nov 23 16:36:19 EST 2017


Apr  1 14:54:53 snort1 snort: [1:1917:4] SCAN UPnP service discover attempt [Classification: Detection of a Network Scan] [Priority: 3]: {UDP} 172.16.45.94:1037 -> 172.16.1.2:1900

What does [1:1917:4] mean/stand for?

I run some simple bash scripts to parse the files every hour and report back
on priority 1 entries.

My network is very simple, the 2 nics are watching 2 t-1 circuits from
different providers:

network diagram in very lame ascii art format, I hope it comes out readable.

          cloud                                           cloud
          internet1                                       internet2
          t-1                                             t-1
          |                                               |
          |                                               |
          cisco                                           cisco
          2611                                            3640
          172.16.1.1                                      |
          |                                               |
          |              snort-box                        |
          |  172.16.2.59-eth0 172.16.2.60-eth1            |
          |         |                 |                   PIX
          |         |                 |                   172.16.1.2
          |         |                 |                   |
          hub-------|                 |-------------------hub
          |                                               |
          |_________________             _________________|
                            |           |
                           48 port Switch
                           | | | | | | | |
                           | | | | | | | |
                           the network
                           172.16.0.0

Thanks [Slan] for any and all help,
Eamonn
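
As an added example (not part of the original post), here is one way to do the hourly parse described above in POSIX shell. The bracketed triple in a Snort alert, such as [1:1917:4], is generator ID : signature ID : revision; the function names and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: split Snort syslog alerts into fields and filter by priority.
# [1:1917:4] = generator ID 1 : signature ID 1917 : rule revision 4.

# Constructed sample input: the alert from the post, one invented priority 1
# alert (sid 1000001 is a placeholder in the local-rule range), and one
# unrelated syslog line that the parser must skip.
sample_alerts() {
cat <<'EOF'
Apr  1 14:54:53 snort1 snort: [1:1917:4] SCAN UPnP service discover attempt [Classification: Detection of a Network Scan] [Priority: 3]: {UDP} 172.16.45.94:1037 -> 172.16.1.2:1900
Apr  1 14:55:10 snort1 snort: [1:1000001:1] EXAMPLE constructed rule [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 172.16.45.94:1040 -> 172.16.1.2:80
Apr  1 14:55:12 snort1 sshd[411]: unrelated syslog line that must be skipped
EOF
}

# parse_alerts: stdin = syslog lines, stdout = one line per Snort alert:
#   priority|gid|sid|rev|proto|src|dst|message
# Assumes alerts carry both Classification and Priority tags, as in the post.
parse_alerts() {
  sed -n -E 's/^.* snort[^:]*: \[([0-9]+):([0-9]+):([0-9]+)\] (.*) \[Classification: [^]]*\] \[Priority: ([0-9]+)\]:? \{([A-Za-z0-9_-]+)\} ([^ ]+) -> ([^ ]+).*$/\5|\1|\2|\3|\6|\7|\8|\4/p'
}

# priority_report N: keep only alerts whose priority equals N.
priority_report() {
  parse_alerts | awk -F'|' -v want="$1" '$1 == want'
}

# count_by_sid: number of alerts per gid:sid:rev, most frequent first.
count_by_sid() {
  parse_alerts |
    awk -F'|' '{ n[$2 ":" $3 ":" $4]++ } END { for (k in n) print n[k], k }' |
    sort -rn
}

# Demonstration on the constructed sample: report priority 1 entries.
sample_alerts | priority_report 1
```

In use, the sample function would be replaced by the alert log itself, for example `priority_report 1 < /path/to/alert.log`, where the path is whatever file syslog writes Snort alerts to.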





More information about the Snort-users mailing list