Snort mailing list archives

Re: spp_portscan, is this something to be worried about

From: Michael Boman <michael.boman () securecirt com>
Date: Fri, 7 Dec 2001 11:23:55 +0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 07 December 2001 10:42, Ronneil Camara wrote:

I'm a receiving so many traffic from our dns server specifically
spp_portscan. Is this something to be worried about? Is our dns server
compromised if it is so chatty about portscans?

Thanks.

Neil


DNS servers has a tendency to create portscan alerts as they answer allot of 
queries for allot of hosts. Either modify the trashhold for the portscan 
preprocessor or tell it to ignore your DNS servers.

Best regards
 Michael Boman

- -- 
Michael Boman       Mobile: +65 96942601  750C Chai Chee Road
Security Architect  Phone : +65 243 6800  #04-01
SecureCiRT          Fax   : +65 441 5119  Singapore 469003
http://www.securecirt.com mailto:michael.boman () securecirt com

GnuPG: FA4E C6CC B73E 320E 3349  C64F 76CE 5F40 98AB 689C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8EDZQds5fQJiraJwRAsEfAKC1l8ttqWMTs1p7fXWUnOeJtTkmzQCfa2iQ
kQBBph7/pfaYzczh06IgCnw=
=uD7Q
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

spp_portscan, is this something to be worried about Ronneil Camara (Dec 06)
- Re: spp_portscan, is this something to be worried about Michael Boman (Dec 06)
- Re: spp_portscan, is this something to be worried about Arvind Clemente (Dec 06)