Re: [Snort-users] (portscan) Open Port:

That's the sfportscan preprocessor [0]

Bammkkkk

[0] http://www.snort.org/docs/snort_htma...00000000000000



On 9/7/06, Mark Rohrbeck <mark.rohrbeck@gmail.com> wrote:
>
>
>
>
>
> Hi all,
>
>
>
> I am getting thousands of these portscans (Below are 3 examples) They are basically all from my exchange server to different IP addresses mainly on port 25 I have noticed a few of 53 too. They are all going to addresses on the internet and I am not sure if I should be concerned or not, they are happening continuously all through the day.
>
>
>
> If I can offer any more information please let me know, I would really like to get to the bottom of this, I have googled away and find similar posts but no answers.
>
>
>
> When I click on the link to Snort it says
>
>
> GEN:SID
>
> 1:27
>
>
> Message
>
> Sorry, no such sid-gen (1:27)
>
>
>
>
>
> Any help greatly appreciated.
> Thanks

--
sguil - The Analyst Console for NSM
http://sguil.sf.net

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=...057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users