Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Port Scan

From: "Michael Kopach" <kopam () augustana ab ca>
Date: Thu, 17 Oct 2002 12:01:52 -0600
These snippets are from snort 1.9.0. I'm not sure what scanner produces
these packets, but if anyone can tell me what program produced them, I
would be very interested in knowing.



[**] [117:1:1] (spp_portscan2) Portscan detected from 199.185.3.123: 6
targets
6 ports in 0 seconds [**]
10/16-01:01:27.318838 199.185.3.123:1024 -> 216.220.40.243:53
UDP TTL:64 TOS:0x0 ID:60198 IpLen:20 DgmLen:66
Len: 46


[**] [117:1:1] (spp_portscan2) Portscan detected from 199.185.3.123: 6
targets
7 ports in 11 seconds [**]
10/16-01:50:51.938729 199.185.3.123:1024 -> 202.104.32.253:53
UDP TTL:64 TOS:0x0 ID:60504 IpLen:20 DgmLen:54
Len: 34


[**] [117:1:1] (spp_portscan2) Portscan detected from 199.185.3.123: 6
targets
8 ports in 3 seconds [**]
10/16-02:58:01.912627 199.185.3.123:1024 -> 202.104.32.251:53
UDP TTL:64 TOS:0x0 ID:60741 IpLen:20 DgmLen:54
Len: 34


[**] [117:1:1] (spp_portscan2) Portscan detected from 199.185.3.123: 6
targets
6 ports in 397 seconds [**]
10/16-09:00:15.901768 199.185.3.123:1024 -> 129.128.4.241:53
UDP TTL:64 TOS:0x0 ID:63968 IpLen:20 DgmLen:71
Len: 51

[**] [117:1:1] (spp_portscan2) Portscan detected from 199.185.3.123: 6
targets
11 ports in 39 seconds [**]
10/16-19:48:47.017675 199.185.3.123:1024 -> 209.202.193.252:53
UDP TTL:64 TOS:0x0 ID:22428 IpLen:20 DgmLen:55
Len: 35

Thanks ... Mike


[**] [117:1:1] (spp_portscan2) Portscan detected from 199.185.3.123: 6
targets
8 ports in 8 seconds [**]
10/16-21:04:21.236845 199.185.3.123:1024 -> 216.220.40.244:53
UDP TTL:64 TOS:0x0 ID:22944 IpLen:20 DgmLen:67
Len: 47



-------------------------------------------------------
This sf.net email is sponsored by: viaVerio will pay you up to
$1,000 for every account that you consolidate with us.
http://ad.doubleclick.net/clk;4749864;7604308;v?
http://www.viaverio.com/consolidator/osdn.cfm
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: