Snort mailing list archives

Confused about rules and logs


From: b311b-snort () theotherbell com
Date: Sun, 09 May 2004 19:28:00 -0400

I'm running snort version 1.7 on a NetBSD Firewall.  I start it with -D -c /usr/local/share/snort/rules.conf -s.  I got 
my rules file from http://whitehats.com/ids/ and my local network is 192.168.2.0/24.

Everything seems to work ok, but I have one Doze box that is constantly generating 1000s of entries per day to 
/var/log/snort/log that look like this:

[**] spp_portscan: portscan status from 192.168.2.252: 3 connections across 3 hosts: TCP(0), UDP(3) [**]

There's a series of new log messages generated once every 7 or 8 seconds.  I have other Doze boxes on the network that 
do not generate these messages.  The PC that's generating the messages has been scanned for viruses and spyware... and 
I've shut down all non-critical processes and they just keep coming.  There are no alerts.  How do I go about figuring 
out what's generating these messages?  And if they're harmless, how do I fix things so they're not logged?

Thanks.

Brenda Bell
Henniker (the only one on earth)
New Hampshire (the state with 5 seasons: black fly, tourist, foliage, ski and mud)
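A small triage helper for the question asked above, added here as an example; it is not part of the original post and not Snort's own code. It parses "spp_portscan: portscan status" lines of the shape quoted in the message and aggregates them per source address (message count, total connections, TCP/UDP split, largest host fan-out), so you can see at a glance whether a noisy host is UDP-only, how many peers it touches, and how it compares with the other machines on the subnet. The log format assumed is taken only from the one line in the post; the sample lines below are constructed, and the non-status line is included purely to show that the parser ignores anything else in the file.

```python
import re
import sys
from collections import defaultdict

# Matches the spp_portscan "portscan status" line quoted in the post.
# search() is used so that any timestamp prefix before "[**]" is irrelevant.
STATUS_RE = re.compile(
    r"\[\*\*\] spp_portscan: portscan status from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}): "
    r"(?P<conns>\d+) connections across (?P<hosts>\d+) hosts: "
    r"TCP\((?P<tcp>\d+)\), UDP\((?P<udp>\d+)\) \[\*\*\]"
)


def parse_status_line(line):
    """Return a dict for a spp_portscan status line, or None for any other line."""
    m = STATUS_RE.search(line)
    if not m:
        return None
    return {
        "src": m.group("src"),
        "connections": int(m.group("conns")),
        "hosts": int(m.group("hosts")),
        "tcp": int(m.group("tcp")),
        "udp": int(m.group("udp")),
    }


def summarize(lines):
    """Aggregate status lines per source: message count, totals and max fan-out."""
    per_src = defaultdict(
        lambda: {"messages": 0, "connections": 0, "tcp": 0, "udp": 0, "max_hosts": 0}
    )
    for line in lines:
        rec = parse_status_line(line)
        if rec is None:
            continue  # "PORTSCAN DETECTED", "End of portscan", blank lines, etc.
        s = per_src[rec["src"]]
        s["messages"] += 1
        s["connections"] += rec["connections"]
        s["tcp"] += rec["tcp"]
        s["udp"] += rec["udp"]
        s["max_hosts"] = max(s["max_hosts"], rec["hosts"])
    return dict(per_src)


def classify(entry):
    """Label a per-source summary as 'udp-only', 'tcp-only' or 'mixed'."""
    if entry["tcp"] == 0 and entry["udp"] > 0:
        return "udp-only"
    if entry["udp"] == 0 and entry["tcp"] > 0:
        return "tcp-only"
    return "mixed"


# Constructed sample log, modelled on the single line quoted in the post.
# The third line is a deliberately non-matching entry.
SAMPLE_LOG = """\
[**] spp_portscan: portscan status from 192.168.2.252: 3 connections across 3 hosts: TCP(0), UDP(3) [**]
[**] spp_portscan: portscan status from 192.168.2.252: 4 connections across 2 hosts: TCP(0), UDP(4) [**]
[**] spp_portscan: some other preprocessor message from 192.168.2.252 [**]
[**] spp_portscan: portscan status from 192.168.2.17: 5 connections across 1 hosts: TCP(5), UDP(0) [**]
"""


def report(lines):
    """Render the summary as text, noisiest source first."""
    summary = summarize(lines)
    out = []
    for src, s in sorted(summary.items(), key=lambda kv: -kv[1]["messages"]):
        out.append(
            f"{src:15} msgs={s['messages']:5} conns={s['connections']:5} "
            f"tcp={s['tcp']:5} udp={s['udp']:5} max_hosts={s['max_hosts']:3} "
            f"{classify(s)}"
        )
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: python3 portscan_summary.py < /var/log/snort/log
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG.splitlines()
    print(report(src))
```

Run it against /var/log/snort/log on the firewall and compare the entry for 192.168.2.252 with the other hosts on 192.168.2.0/24. A source that is UDP-only, fans out to a handful of hosts and logs a fresh status line every few seconds is periodic traffic, which narrows the search on that machine to whatever is sending UDP on that schedule; that is the information you want in hand before deciding whether to tune the portscan preprocessor for that host.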



