Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-users] Portscan

from [Nils Fragoso] Network Security [Permanent Link]
Subject: [Snort-users] Portscan
Date: Thu, 25 Aug 2005 12:19:45 +0200 
Hi Guys,

Do you know why, on Base (v.1.1.3), I can see portscan alerts (see below) 
without dest. address or port numbers, when portscan.log file have all the 
information? 

Base-->  [snort] spp_portscan detected from 10.1.8.23 (THRESHOLD 4 connections 
exceeded in 3 seconds)  2005-08-25 05:09:34  10.1.8.23  unknown  IP  

portscan.log ->  Aug 25 05:09:34 10.1.8.23:17951 -> 10.137.1.1:389 SYN ******S* 

It seems that my remote sensor is not seding all information to my master, 
where the database is.

Snort: v.2.4
Base: 1.1.3
My SQL: 4.1.9

Cheers

Nils
 
This e-mail and its attachments may contain Right Management Consultants Inc. 
proprietary information, which is PRIVILEGED, CONFIDENTIAL, or subject to 
COPYRIGHT belonging to Right Management Consultants, Inc. This e-mail is 
intended solely for the use of the individual or entity to which it is 
addressed. If you are not the intended recipient of this e-mail, or the 
employee or agent responsible for delivering this e-mail to the intended 
recipient, you are hereby notified that any dissemination, distribution, 
copying, or action taken in relation to the contents of and attachments to this 
e-mail is STRICTLY PROHIBITED and may be UNLAWFUL. If you have received this 
e-mail in error, please notify the sender immediately and permanently delete 
the original and any copy of this e-mail and any printout. Thank You.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Snort-users] Portscan, Nils Fragoso <=
Previous by Date:  RE: [Snort-users] Help newb understand how Snort is supposed to run., Patrick Harper
Next by Date:  Re: [Snort-users] Snort-Inline, IPTables and Performance, Will Metcalf
Previous by Thread:  [Snort-users] Almost there! Complaining about no MySQL support after recompiling with --with-mysql, Chris W. Parker
Next by Thread:  [Snort-users] snort inline with mysql, deny
Indexes:  [Date] [Thread] [Top] [All Lists]