Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: snort.org > snort-users > 03 > 020528.html (Request Expert snort.org Support)

[Snort-users] alert (spp_portscan2) Portscan

From: Always Bishan <bishan4u(at)yahoo.co.uk>
Date: Fri Feb 28 2003 - 04:48:50 EST


hi

As per the subject,I get this alert in my ACID running snort 1.9:

(spp_portscan2) Portscan detected from 192.168.1.3: 4
targets 21 ports in 18 seconds

here the source is 192.168.1.3 and destination is 192.168.1.1 (gateway). But I never ran any portscanner from 192.168.1.3 :( any pointers
what to do?

I also get this alert:
(spp_portscan2) Portscan detected from 192.168.0.1: 2
targets 21 ports in 39 seconds for destination 192.168.0.3

what to do?

and Where do I see the rule file for this?

I couldnot see this rule anywhere in rules directory.

Do you need help?X

Regards,

Bishan


Celebrating Happinessemail: bishan@sumerusolutions.comcompany: www.sumerusolutions.com

Do You Yahoo!?
Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Fri Feb 28 04:51:53 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:49:56 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library