[ previous ] [ next ] [ threads ]
 
 From:  Eric Gregory <eric at gatewayconnections dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Strange output in snort log
 Date:  Wed, 18 Aug 2004 12:03:43 -0500 
I am running * 1.1b17* with the snort contribution from CD rom.  I'm not 
100% sure that my snort.conf is exactly like it should be so that may be 
why this message isn't as helpful as it could be.

this is the message I keep seeing in the snort log. 

snort: [117:1:1] (spp_portscan2) Portscan detected from xxx.xxx.xxx.233: 
6 targets 6 ports in 8 seconds {TCP} xxx.xxx.xxx.233:64654 -> 
10.10.10.10:6667

The message appears repeatedly, the destination is always different 
ports change bu tthe outside interface stays the same.

xxx.xxx.xxx.233 is my outside interface. my inside IP  is 
192.168.0.1/24.  Am I correct in thinking that  I most likely have some 
kind of device on my network scanning ports for some reason and that my 
snort config is just reporting the outside interface because of some 
error in my snort.conf. 

Does anyone have a snort.conf that works well with MonoWall  I've never 
used snort before so this is a learning experience for me.

Thanks
Eric**