Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Ewald on March 27, 2002, 02:02:00 PM

Title: Is my server scanning?
Post by: Ewald on March 27, 2002, 02:02:00 PM: Greetings!

I have an E-Smith Server and Gateway. Between The public NIC and my cable-modem is a hub. Now i installed a second server with snort. The NIC is connected to the hub. Snortreport now shows some alerts. One of the alerts seems like my server makes portscans.

spp_portscan: PORTSCAN DETECTED from [My_IP_Adress] (THRESHOLD 4 connections exceeded in 1 seconds)

I dont know if this is standard or if something is bad with my server.

Thanks for helping, Ewald
Title: Re: Is my server scanning?
Post by: Gene Pinson on April 03, 2002, 06:44:39 AM: Most times these are off of DNS calls, does it specify which ports are affected? And weither it is tcp or udp traffic?Ewald wrote:
>
> Greetings!
>
> I have an E-Smith Server and Gateway. Between The public NIC
> and my cable-modem is a hub. Now i installed a second server
> with snort. The NIC is connected to the hub. Snortreport now
> shows some alerts. One of the alerts seems like my server
> makes portscans.
>
> spp_portscan: PORTSCAN DETECTED from [My_IP_Adress]
> (THRESHOLD 4 connections exceeded in 1 seconds)
>
> I dont know if this is standard or if something is bad with
> my server.
>
> Thanks for helping, Ewald

SMF 2.0.19 | SMF © 2021, Simple Machines
Privacy Policy | Terms and Policies