Snort mailing list archives

Previous By Date Next
Previous By Thread Next

false attacks

From: "Birkir Björnsson" <Birkir.Bjornsson () islandssimi is>
Date: Fri, 10 Aug 2001 16:10:45 +0000
How would get rid off these kind of portscans from your logs?

[**] [100:2:1] spp_portscan: portscan status from 193.4.194.5: 14
connections across 1 hosts: TCP(0), UDP(14) [**]
08/10-15:33:12.828338

That ip-address is my nameserver. And from this line would you say the
porstscan is being pointed to
my snort server ?



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: