Snort mailing list archives
Snort 1.9 and spp_portscan2
From: Vlad Gavrila <branix () xnet ro>
Date: Sun, 02 Mar 2003 11:03:52 +0200
Hi! I have recently installed Snort 1.9 on a Linux box that also acts as a proxy and DNS server for my LAN.
After having it run for a few hours, I found many portscan logs targeted against my server, that have the source port either 80 or 53. I know that these come from sequential response to either HTTP or DNS requests.
My problem is blocking those connections that are using 80 or 53 as their source port. Is there a way to solve this?
Thanks in advance,
Vlad