Snort mailing list archives
Spp_portscan2
From: "Bell, Josh" <josh.bell () guidancesoftware com>
Date: Wed, 7 Jan 2004 15:52:07 -0800
I am seeing frequent occurrences of the alert below:

[**] [117:1:1] (spp_portscan2) Portscan detected from <inside ip>: 6 targets 6 ports in 28 seconds [**]
01/07-15:45:30.576389 <inside ip>:2403 -> <public ip>:80
TCP TTL:127 TOS:0x0 ID:57864 IpLen:20 DgmLen:48 DF
******S* Seq: 0x737F57F6 Ack: 0x0 Win: 0xFAF0 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

I've observed that this tends to happen when a user launches Internet Explorer and has their homepage set to the default Microsoft puts in there. Does this just have something to do with the redirection they do? Or the version check? Does anybody know for sure?

BTW I'm running Snort 2.0.5 (wow...gotta upgrade) on SuSE 9.

Josh Bell
Manager of I.T.