Snort mailing list archives
Re: Is this a realy a bogus portscan report?
From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 07 May 2001 11:48:15 -0400
See the portscan preprocessor section in the snort.conf file or the Writing Snort Rules document at www.snort.org.

-Marty

Bob Van Cleef wrote:

Is there some "sensitivity" tuning that needs to be done to snort?

Was that portscan bogus? 192.86.6.214 was a test system that was only up for about one hour. (Actually a netscreen firewall box with an old windows laptop behind it.)

Snort itself did not log anything from either IP address.

Bob

---------- Forwarded message ----------
Date: Mon, 7 May 2001 07:10:21 -0700
From: Abuse-Team <abuse-team () corp home net>
To: "'vancleef () microunity com'" <vancleef () microunity com>
Subject: Re: FW: Portscan from your name server!!!

Thank you for your report. This IP address is a machine that is a part of network routing. This machine is secure and does not perform portscans, the traffic you saw is part of standard network traffic. If your firewall software is reporting this as a portscan, system probe, or hack attempt, you may wish to check the settings of your firewall, as many have 'maximum' settings which will report any and all network traffic, including standard traffic such as this, as an attack.

Thank you,
The @Home Network Policy Management Team

-----Original Message-----
From: Bob Van Cleef [mailto:vancleef () microunity com]
Sent: Friday, May 04, 2001 10:53 AM
To: abuse () home com
Subject: Portscan from your name server!!!

Why did your nameserver scan one of my test systems? Did you swallow a virus?

24.1.4.12 - proxy1.stcla1.sfba.home.com

Bob

--<> ><> ><> ><> ><> ><> ><> ><> ><> ><> ><> ><> ><>
Bob Van Cleef, Member of Technical Staff (408) 734-8100
MicroUnity Systems Engineering, Inc.
FAX (408) 734-8136
376 Martin Ave., Santa Clara, CA 95050
vancleef () microunity com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org
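A triage check for the kind of report discussed in this thread, added here as an example (not code from Snort or from the original posts): it groups portscan-log entries by source and marks sources whose packets are all UDP from port 53 to unprivileged ports, which is the shape of DNS replies returning to a client. The `triage` function, the `timestamp src:port -> dst:port PROTO` sample lines and the documentation-range addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample entries (documentation addresses, not real hosts).
SAMPLE_LOG = """\
May 3 14:52:31 198.51.100.53:53 -> 192.0.2.10:2371 UDP
May 3 14:52:31 198.51.100.53:53 -> 192.0.2.10:2374 UDP
May 3 14:52:32 198.51.100.53:53 -> 192.0.2.10:2377 UDP
May 3 14:52:33 198.51.100.53:53 -> 192.0.2.10:2381 UDP
May 3 15:01:02 203.0.113.7:40112 -> 192.0.2.10:53 UDP
May 3 15:01:02 203.0.113.7:40113 -> 192.0.2.10:69 UDP
May 3 15:01:02 203.0.113.7:40114 -> 192.0.2.10:111 UDP
May 3 15:01:03 203.0.113.7:40115 -> 192.0.2.10:161 UDP
this line is malformed and is skipped
"""

LINE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)

def triage(log_text, resolvers):
    """Map each source IP to a verdict for its logged packets."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # ignore anything that is not a log entry
            by_src[m["src"]].append(
                (int(m["sport"]), int(m["dport"]), m["proto"]))
    verdicts = {}
    for src, pkts in by_src.items():
        # DNS replies: UDP, source port 53, client-side ephemeral port.
        reply_shaped = all(
            proto == "UDP" and sport == 53 and dport >= 1024
            for sport, dport, proto in pkts)
        if reply_shaped and src in resolvers:
            verdicts[src] = "dns-replies"
        elif reply_shaped:
            verdicts[src] = "reply-shaped-unknown-source"
        else:
            verdicts[src] = "review"
    return verdicts

if __name__ == "__main__":
    for src, verdict in triage(SAMPLE_LOG, {"198.51.100.53"}).items():
        print(src, verdict)
```

A source port of 53 on its own proves nothing, so only sources in the set of resolvers you actually query are marked `dns-replies`; those are the candidates for the portscan preprocessor's ignore list in snort.conf.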