Snort mailing list archives

Previous By Date Next
Previous By Thread Next

spp_portscan

From: niko () digitalenigma com
Date: Fri, 22 Jun 2001 11:17:24 -0400 (EDT)

  Since putting this firewall up I have been receiving a barage of alerts
with the following information.  It doesn't seem to give me much to go on
and I have been unable to find any decent info about what exactly an
spp_portscan is.  Plus I find it extremely odd that there is no source or
destination info short of what shows up in the "Triggered
Signature" section of ACID.  Also, there is no payload info.  Maybe I am
missing something obvious but would greatly appreciate any light anyone
can shed on this issue. 

Thank you,

Niko

#1-(39-908)  spp_portscan: portscan status from my.dns.server.ip: 1
connections across 1 hosts: TCP(0), UDP(1) 2001-06-22 10:45:18  unknown
unknown  IP


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: