Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Portscans using spp_portscan

From: Shane Machon <shane () twoplums com au>
Date: Wed, 17 Oct 2001 13:51:11 +1000
Greetings,

I am seeing constant portscans from my local ip address when running the
stream4 detect portscans plugin. 

spp_portscan: PORTSCAN DETECTED from (My Local IP)
spp_portscan: portscan status from (My Local IP): 1 connections across 1
hosts: TCP(1), UDP(0)
spp_portscan: portscan status from (My Local IP): 2 connections across 2
hosts: TCP(1), UDP(1)
spp_portscan: portscan status from (My Local IP): 1 connections across 1
hosts: TCP(1), UDP(0)
...........................

How is this possible? Nobody is running a portscanner of any type from
this machine, the system is not running dns or web traffic (only smtp).

Am i missing something simple? Should I be worried?

Using Redhat 7.0 Snort 1.8.1 RPM Package (no DB Support)

Any help appreciated.

Cheers,
Shane.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: