Re: about the sfportscan

[waldo kitty <wkitty42 () windstream net>]

On 12/7/2010 01:31, ll wrote:
> hi,all
> I confuse about the sfportscan processor. I'm not clearly know what is the log means .
> here is from the log file
> Time: 12/07-14:08:27.749408
> event_ref: 0
> 210.X.X.221 ->  211.103.154.21 (portscan) TCP Portsweep
> Priority Count: 8
> Connection Count: 9
> IP Count: 5
> Scanned IP Range: 61.164.110.113:211.103.154.21
> Port/Proto Count: 5
> Port/Proto Range: 80:4004
>
> the ip 210.X.X.221 is in the network ,what I want to protect.it's a web server .
>
> I want to know is it means the ip 210.X.X.221 scan the outside host ? I'm not sure what the direct
> is ,in or out?

it is out because the string indicates so...

210.X.X.221 ->  211.103.154.21 (portscan) TCP Portsweep

the '->' between the IPs shows which it is from and which it is going to...

------------------------------------------------------------------------------
What happens now with your Lotus Notes apps - do you make another costly 
upgrade, or settle for being marooned without product support? Time to move
off Lotus Notes and onto the cloud with Force.com, apps are easier to build,
use, and manage than apps on traditional platforms. Sign up for the Lotus 
Notes Migration Kit to learn more. http://p.sf.net/sfu/salesforce-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users