LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page MNF spp_portscan... portscanning out? (Snort)
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-21-2004, 12:50 PM   #1
scammeh^
Member
 
Registered: Oct 2003
Location: Northampton, England
Distribution: MNF 8.2 SUSE 9.3
Posts: 32

Rep: Reputation: 15
MNF spp_portscan... portscanning out? (Snort)

Going through the logs on our Firewall today, (running Mandrake Network Security) and found Snort kept throwing up the following:

Jan 21 17:59:00 snort spp_portscan: portscan status from --.---.---.---: 2 connections across 2 hosts: TCP(2), UDP(0)

The ip there was our own, so is spp_portscan scanning a bunch of hosts? Going through more detialed logs of Snort it certainly appeared so:

Jan 21 17:55:14 --.---.---.---:34074 -> 217.75.109.231:80 SYN ******S*
Jan 21 17:55:23 --.---.---.---:34075 -> 204.73.202.34:80 SYN ******S*
Jan 21 17:55:25 --.---.---.---:34076 -> 204.73.202.34:80 SYN ******S*
Jan 21 17:56:02 --.---.---.---:34077 -> 216.239.39.99:80 SYN ******S*
Jan 21 17:56:03 --.---.---.---:34078 -> 217.75.109.231:80 SYN ******S*
Jan 21 17:56:09 --.---.---.---:34079 -> 216.239.39.99:80 SYN ******S*
Jan 21 17:56:11 --.---.---.---:34080 -> 216.239.39.99:80 SYN ******S*
Jan 21 17:56:11 --.---.---.---:34085 -> 62.30.31.74:80 SYN ******S*
Jan 21 17:56:13 --.---.---.---:34086 -> 63.88.212.82:80 SYN ******S*
Jan 21 17:56:13 --.---.---.---:34088 -> 63.88.212.82:80 SYN ******S*
Jan 21 17:59:00 --.---.---.---:34089 -> 205.214.67.168:2095 SYN ******S*
Jan 21 17:59:07 --.---.---.---:34090 -> 205.214.67.168:2095 SYN ******S*

What the hecks going on!? We've scanned all the computers on the network connected for viruses/trojans that may be doing this, but nothing!

I phoned up our ISP and they didnt seem to know either, only that there may be something lurking somewhere on the network scanning outward.

The log did contain a couple of instances of portscans from a remote location in America though... neither this nor the outbound scans have happened before.

Any help would be greatly appreciated... Cheers!!!
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Question about portscanning eka Linux - Security 3 11-11-2005 11:10 PM
Error when starting up snort: bash:!/bin/sh/usr/local/bin/snort :Eent not found cynthia_thomas Linux - Software 1 11-11-2005 02:59 PM
MNF to MNF VPN jillges Linux - Networking 7 03-16-2004 03:48 PM
spp_portscan - portscanning out? scammeh^ Linux - Networking 0 01-22-2004 01:28 PM
to stop portscanning ashis Linux - Security 7 06-14-2001 03:39 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:41 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration