Snort mailing list archives
Re: spp_portscan, is this something to be worried about
From: Michael Boman <michael.boman () securecirt com>
Date: Fri, 7 Dec 2001 11:23:55 +0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 07 December 2001 10:42, Ronneil Camara wrote:
I'm a receiving so many traffic from our dns server specifically spp_portscan. Is this something to be worried about? Is our dns server compromised if it is so chatty about portscans? Thanks. Neil
DNS servers has a tendency to create portscan alerts as they answer allot of queries for allot of hosts. Either modify the trashhold for the portscan preprocessor or tell it to ignore your DNS servers. Best regards Michael Boman - -- Michael Boman Mobile: +65 96942601 750C Chai Chee Road Security Architect Phone : +65 243 6800 #04-01 SecureCiRT Fax : +65 441 5119 Singapore 469003 http://www.securecirt.com mailto:michael.boman () securecirt com GnuPG: FA4E C6CC B73E 320E 3349 C64F 76CE 5F40 98AB 689C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8EDZQds5fQJiraJwRAsEfAKC1l8ttqWMTs1p7fXWUnOeJtTkmzQCfa2iQ kQBBph7/pfaYzczh06IgCnw= =uD7Q -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- spp_portscan, is this something to be worried about Ronneil Camara (Dec 06)
- Re: spp_portscan, is this something to be worried about Michael Boman (Dec 06)
- Re: spp_portscan, is this something to be worried about Arvind Clemente (Dec 06)