Snort mailing list archives
port scan question
From: "tony cowling" <tonycowling () sympatico ca>
Date: Mon, 14 Feb 2005 23:43:46 -0500
Is there a normal level of port scan traffic on a network?

This is an example I have with 192.168.0.0 255.255.255.0 as the home network and 192.168.1.0 255.255.255.0 being a connected network via VPN. Should I be concerned?

[**] (portscan) TCP Portsweep [**]
02/14-15:25:50.360513 192.168.1.82 -> 192.168.0.12
PROTO255 TTL:0 TOS:0x0 ID:49200 IpLen:20 DgmLen:173
50 72 69 6F 72 69 74 79 20 43 6F 75 6E 74 3A 20  Priority Count: 
35 0A 43 6F 6E 6E 65 63 74 69 6F 6E 20 43 6F 75  5.Connection Cou
6E 74 3A 20 32 0A 49 50 20 43 6F 75 6E 74 3A 20  nt: 2.IP Count: 
35 0A 53 63 61 6E 6E 65 64 20 49 50 20 52 61 6E  5.Scanned IP Ran
67 65 3A 20 31 39 32 2E 31 36 38 2E 30 2E 35 3A  ge: 192.168.0.5:
31 39 32 2E 31 36 38 2E 30 2E 31 32 0A 50 6F 72  192.168.0.12.Por
74 2F 50 72 6F 74 6F 20 43 6F 75 6E 74 3A 20 36  t/Proto Count: 6
0A 50 6F 72 74 2F 50 72 6F 74 6F 20 52 61 6E 67  .Port/Proto Rang
65 3A 20 38 30 3A 31 30 32 36 0A                 e: 80:1026.
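
The payload of the alert above is plain text, so its fields can be read straight out of the hex dump. The following decoder is an added example, not part of the original post and not Snort code; the function names are hypothetical and the field names are the ones visible in the dump.

```python
import ipaddress
import re

# Hex dump copied from the alert in the post (hex column plus Snort's ASCII column).
ALERT_DUMP = """
50 72 69 6F 72 69 74 79 20 43 6F 75 6E 74 3A 20  Priority Count:
35 0A 43 6F 6E 6E 65 63 74 69 6F 6E 20 43 6F 75  5.Connection Cou
6E 74 3A 20 32 0A 49 50 20 43 6F 75 6E 74 3A 20  nt: 2.IP Count:
35 0A 53 63 61 6E 6E 65 64 20 49 50 20 52 61 6E  5.Scanned IP Ran
67 65 3A 20 31 39 32 2E 31 36 38 2E 30 2E 35 3A  ge: 192.168.0.5:
31 39 32 2E 31 36 38 2E 30 2E 31 32 0A 50 6F 72  192.168.0.12.Por
74 2F 50 72 6F 74 6F 20 43 6F 75 6E 74 3A 20 36  t/Proto Count: 6
0A 50 6F 72 74 2F 50 72 6F 74 6F 20 52 61 6E 67  .Port/Proto Rang
65 3A 20 38 30 3A 31 30 32 36 0A                 e: 80:1026.
"""

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")

def dump_to_bytes(dump):
    """Keep the hex column of each line (at most 16 bytes); drop the ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        for n, tok in enumerate(line.split()):
            if n == 16 or not HEX_BYTE.fullmatch(tok):
                break  # reached the ASCII column
            out.append(int(tok, 16))
    return bytes(out)

def parse_portscan_payload(payload):
    """Turn the newline-separated 'Name: value' text into typed fields."""
    fields = {}
    for line in payload.decode("ascii", errors="replace").splitlines():
        name, sep, value = line.partition(": ")
        if not sep:
            continue  # not a 'Name: value' line
        lo, _, hi = value.partition(":")  # ranges are written low:high
        if name.endswith("Count"):
            fields[name] = int(value)
        elif name.endswith("IP Range"):
            fields[name] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        elif name.endswith("Range"):
            fields[name] = (int(lo), int(hi))
        else:
            fields[name] = value
    return fields

if __name__ == "__main__":
    for name, value in parse_portscan_payload(dump_to_bytes(ALERT_DUMP)).items():
        print(f"{name}: {value}")
```

The hex-column split assumes the ASCII column of a short final line does not itself begin with a two-character hex token.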