LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 09-01-2004, 06:19 PM   #1
sh1ft
Member
 
Registered: Feb 2004
Location: Ottawa, Ontario, Can
Distribution: Slackware, ubuntu
Posts: 391

Rep: Reputation: 31
Snort detects loads of portscans from.. uh.. myself??


Snort is showing me huge amounts of appearent port scans all originating from my ip. This seems to be happening even when i'm idle and not using any internet apps, but i see a huge spike when I start using Gnutella. Here's an excerpt:

Code:
  [snort] spp_portscan: End of portscan from xxxxxx: TOTAL time(857s) hosts(7303) TCP(7479) UDP(0)    	    2004-09-01 19:15:30    	    xxxxx    	    unknown     	    IP    
      	   #1-(11-366)    	   [snort] spp_portscan from xxxxxx: 3 connections across 3 hosts: TCP(3), UDP(0)    	   2004-09-01 19:15:24    	   xxxxx    	   unknown    	   IP   
      	   #2-(11-365)    	   [snort] spp_portscan from xxxxxx: 21 connections across 21 hosts: TCP(21), UDP(0)    	   2004-09-01 19:15:16    	  xxxxx 	   unknown    	   IP   
      	   #3-(11-364)    	   [snort] spp_portscan from xxxxxx: 16 connections across 16 hosts: TCP(16), UDP(0)    	   2004-09-01 19:15:11    	   xxxxx    	   unknown    	   IP   
      	   #4-(11-363)    	   [snort] spp_portscan from xxxxxx: 28 connections across 28 hosts: TCP(28), UDP(0)    	   2004-09-01 19:15:06    	   xxxxxx   	   unknown    	   IP   
      	   #5-(11-362)    	   [snort] spp_portscan from xxxxxx: 19 connections across 19 hosts: TCP(19), UDP(0)    	   2004-09-01 19:15:01    	   xxxxx    	   unknown    	   IP   
      	   #6-(11-361)    	   [snort] spp_portscan from xxxxxx: 26 connections across 26 hosts: TCP(26), UDP(0)    	   2004-09-01 19:14:56    	  xxxxx   	   unknown    	   IP   
      	   #7-(11-360)    	   [snort] spp_portscan from xxxxxx: 37 connections across 37 hosts: TCP(37), UDP(0)    	   2004-09-01 19:14:51    	  xxxxx   	   unknown    	   IP   
      	   #8-(11-359)    	   [snort] spp_portscan from xxxxxx: 22 connections across 22 hosts: TCP(22), UDP(0)
They are all originating from my external ip address. I'm assuming these are false positives, but how do I stop them? They are making my logs basically unreadable.

Last edited by sh1ft; 09-01-2004 at 06:21 PM.
 
Old 09-01-2004, 08:25 PM   #2
iceman47
Senior Member
 
Registered: Oct 2002
Location: Belgium
Distribution: Debian, Free/OpenBSD
Posts: 1,123

Rep: Reputation: 47
Some advice I once got: http://www.linuxquestions.org/questi...ighlight=snort
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Solaris 9 detects only one LUN Elec490 Solaris / OpenSolaris 2 11-19-2005 09:56 PM
Error when starting up snort: bash:!/bin/sh/usr/local/bin/snort :Eent not found cynthia_thomas Linux - Software 1 11-11-2005 02:59 PM
snort failed: snort: symbol lookup error: undefined symbol: usmAES192PrivProtocol Emmanuel_uk Linux - Security 1 07-10-2005 10:29 AM
Detects Soundcard, but I don't get sound SkyeFyre Fedora 7 02-19-2005 05:17 PM
installed dropline, root loads kde3.2, user loads drop pgrimes Linux - Software 7 06-28-2004 06:11 PM


All times are GMT -5. The time now is 02:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration