[plug] portscans
garry
bigbadbill at dingoblue.net.au
Tue Sep 25 18:13:55 WST 2001
Could the list have had a look at the intrusion detection log extract (below)
and tell me if this is something to worry about please?
This was in a 65 min period, there was 61 events logged all up!
Have the lot saved in a text file of 10kb, but I've not posted it, for
brevity...
Regards,
Garry.
SmoothWall IDS snort log
Date: 25 September
Date: 09/25 16:30:20
Name: spp_portscan: PORTSCAN DETECTED from 203.2.75.2 (THRESHOLD 4
connections exceeded in 8 seconds)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:
Date: 09/25 16:30:31
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: n/a
Type: n/a
IP Info: 198.142.91.160:61023 -> 64.4.60.204:80
Refs:
Date: 09/25 16:30:50
Name: spp_portscan: portscan status from 203.2.75.2: 5 connections across 1
hosts: TCP(0), UDP(5)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:
More information about the plug
mailing list