Snort mailing list archives
spp_portscan
From: niko () digitalenigma com
Date: Fri, 22 Jun 2001 11:17:24 -0400 (EDT)
Since putting this firewall up I have been receiving a barage of alerts with the following information. It doesn't seem to give me much to go on and I have been unable to find any decent info about what exactly an spp_portscan is. Plus I find it extremely odd that there is no source or destination info short of what shows up in the "Triggered Signature" section of ACID. Also, there is no payload info. Maybe I am missing something obvious but would greatly appreciate any light anyone can shed on this issue. Thank you, Niko #1-(39-908) spp_portscan: portscan status from my.dns.server.ip: 1 connections across 1 hosts: TCP(0), UDP(1) 2001-06-22 10:45:18 unknown unknown IP _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- spp_portscan niko (Jun 22)
- <Possible follow-ups>
- RE: spp_portscan Kevin Brown (Jun 22)