Hi,
I have a small server running Debian Sarge, with all the latest security updates applied.
I have snort running, which emails me a report every morning.
I keep getting messages like this:
Code:
Events from same host to same destination using same method
=========================================================================
# of  from             to               method
=========================================================================
3     65.54.188.57     192.168.1.1      WEB-MISC robots.txt access
2     192.168.1.1      xxx.xxx.xxx.xxx  (portscan) TCP Portsweep
2     192.168.1.1      xxx.xxx.xxx.xxx  (portscan) TCP Portsweep
(The "to" addresses I blocked out are miscellaneous machines on the internet, that are nothing to do with me)
What I would like to know is:
* What is a TCP portsweep - I guess it is some kind of port scan?
* Why is my machine portsweeping those other machines?
* Is this anything to worry about - have I been hacked?
Thanks in advance
--Ian