Koozali.org: home of the SME Server

SME generating odd port scans - expected behavior?

Warren Agin

« on: March 11, 2003, 04:52:12 PM »
My SME is generating large numbers of apparent portscans. They all come from different ports on our machine (for security I've xx'd out part of our IP address) and target what appear to be random ports on other machines.

Examples are below:

Is this normal behavior for SME or am I compromised? Any thoughts? Comments?

-Warren Agin (to respond directly, remove "[spam]" from my e-mail address)

Mar  6 22:39:37 shapirolaw snort: [117:1:1] (spp_portscan2) Portscan detected from 204.214.xxx.xxx: 6 targets 11 ports in 37 seconds {UDP} 204.214.xxx.xxx:1735 -> 24.240.141.241:53
Mar  6 22:40:09 shapirolaw snort: [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [Classification: Misc activity] [Priority: 3]: {ICMP} 64.230.242.82 -> 204.214.60.251
Mar  6 22:41:25 shapirolaw snort: [117:1:1] (spp_portscan2) Portscan detected from 204.214.xxx.xxx: 5 targets 21 ports in 25 seconds {TCP} 204.214.xxx.xxx:25 -> 200.168.39.88:46635
Mar  6 22:42:33 shapirolaw snort: [117:1:1] (spp_portscan2) Portscan detected from 204.214.xxx.xxx: 4 targets 21 ports in 29 seconds {TCP} 204.214.xxx.xxx:25 -> 211.185.35.195:4605
Mar  6 22:43:25 shapirolaw snort: [117:1:1] (spp_portscan2) Portscan detected from 204.214.xxx.xxx: 6 targets 15 ports in 21 seconds {TCP} 204.214.xxx.xxx:3176 -> 195.85.184.242:113
Mar  6 22:43:37 shapirolaw snort: [117:1:1] (spp_portscan2) Portscan detected from 204.214.xxx.xxx: 6 targets 21 ports in 33 seconds {TCP} 204.214.xxx.xxx:25 -> 211.185.35.195:3017
Mar  6 22:44:35 shapirolaw snort: [117:1:1] (spp_portscan2) Portscan detected from 204.214.xxx.xxx: 5 targets 21 ports in 31 seconds {TCP} 204.214.xxx.xxx:25 -> 200.168.39.88:46831
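
One way to triage alerts like the ones in this post, added here as an example that is not part of the original post or of SME Server's own code: parse the spp_portscan2 lines and group them by which end of each flow uses a well-known service port. The port-to-service map, the label names and the last sample line are assumptions of this example.

```python
import re
from collections import Counter

# Well-known ports that appear in the post's alerts (map chosen for this example).
SERVICES = {25: "smtp", 53: "dns", 113: "ident"}

# Matches the preprocessor alert format shown in the post, including "xxx" redacted octets.
ALERT = re.compile(
    r"\(spp_portscan2\) Portscan detected from [\w.]+: "
    r"\d+ targets \d+ ports in \d+ seconds "
    r"\{(?P<proto>\w+)\} [\w.]+:(?P<sport>\d+) -> [\d.]+:(?P<dport>\d+)"
)

def classify(sport, dport):
    """Label one alert by which end of the flow uses a well-known service port."""
    if sport in SERVICES:
        # Local service port to a remote ephemeral port: shape of server-side replies.
        return "local-" + SERVICES[sport] + "-server"
    if dport in SERVICES:
        # Local ephemeral port to a remote service port: shape of client-side lookups.
        return "client-to-" + SERVICES[dport]
    return "unexplained"

def triage(lines):
    """Count spp_portscan2 alerts per label; other log lines are skipped."""
    counts = Counter()
    for line in lines:
        m = ALERT.search(line)
        if m:
            counts[classify(int(m["sport"]), int(m["dport"]))] += 1
    return counts

# The first four lines are taken from the post; the last one is constructed.
SAMPLE = [
    "Mar  6 22:39:37 shapirolaw snort: [117:1:1] (spp_portscan2) Portscan detected from 204.214.xxx.xxx: 6 targets 11 ports in 37 seconds {UDP} 204.214.xxx.xxx:1735 -> 24.240.141.241:53",
    "Mar  6 22:40:09 shapirolaw snort: [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [Classification: Misc activity] [Priority: 3]: {ICMP} 64.230.242.82 -> 204.214.60.251",
    "Mar  6 22:41:25 shapirolaw snort: [117:1:1] (spp_portscan2) Portscan detected from 204.214.xxx.xxx: 5 targets 21 ports in 25 seconds {TCP} 204.214.xxx.xxx:25 -> 200.168.39.88:46635",
    "Mar  6 22:43:25 shapirolaw snort: [117:1:1] (spp_portscan2) Portscan detected from 204.214.xxx.xxx: 6 targets 15 ports in 21 seconds {TCP} 204.214.xxx.xxx:3176 -> 195.85.184.242:113",
    "Mar  6 22:45:00 shapirolaw snort: [117:1:1] (spp_portscan2) Portscan detected from 204.214.xxx.xxx: 9 targets 40 ports in 12 seconds {TCP} 204.214.xxx.xxx:4021 -> 192.0.2.7:6000",
]

if __name__ == "__main__":
    for label, n in triage(SAMPLE).most_common():
        print(f"{n:3d}  {label}")
```

Alerts labelled `unexplained` are the ones to examine first; the other labels only say that a flow has the shape of ordinary mail, DNS or ident traffic, not that it is benign.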