Snort is showing me huge amounts of apparent port scans all originating from my IP. This seems to be happening even when I'm idle and not using any internet apps, but I see a huge spike when I start using Gnutella. Here's an excerpt:
Code:
[snort] spp_portscan: End of portscan from xxxxxx: TOTAL time(857s) hosts(7303) TCP(7479) UDP(0) 2004-09-01 19:15:30 xxxxx unknown IP
#1-(11-366) [snort] spp_portscan from xxxxxx: 3 connections across 3 hosts: TCP(3), UDP(0) 2004-09-01 19:15:24 xxxxx unknown IP
#2-(11-365) [snort] spp_portscan from xxxxxx: 21 connections across 21 hosts: TCP(21), UDP(0) 2004-09-01 19:15:16 xxxxx unknown IP
#3-(11-364) [snort] spp_portscan from xxxxxx: 16 connections across 16 hosts: TCP(16), UDP(0) 2004-09-01 19:15:11 xxxxx unknown IP
#4-(11-363) [snort] spp_portscan from xxxxxx: 28 connections across 28 hosts: TCP(28), UDP(0) 2004-09-01 19:15:06 xxxxxx unknown IP
#5-(11-362) [snort] spp_portscan from xxxxxx: 19 connections across 19 hosts: TCP(19), UDP(0) 2004-09-01 19:15:01 xxxxx unknown IP
#6-(11-361) [snort] spp_portscan from xxxxxx: 26 connections across 26 hosts: TCP(26), UDP(0) 2004-09-01 19:14:56 xxxxx unknown IP
#7-(11-360) [snort] spp_portscan from xxxxxx: 37 connections across 37 hosts: TCP(37), UDP(0) 2004-09-01 19:14:51 xxxxx unknown IP
#8-(11-359) [snort] spp_portscan from xxxxxx: 22 connections across 22 hosts: TCP(22), UDP(0)
They are all originating from my external IP address. I'm assuming these are false positives, but how do I stop them? They are making my logs basically unreadable.
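A triage sketch for alerts shaped like the excerpt above, added here as an example and not part of the original post: it collapses the per-interval `spp_portscan` lines into one record per source and reports connections per destination host. The source addresses in `SAMPLE` are constructed (documentation ranges), and `fanout_ratio` is an assumed cut-off, not a Snort setting.

```python
import re
from collections import defaultdict

# Per-interval status alert, in the shape of the excerpt above.
STATUS = re.compile(r"spp_portscan from (\S+): (\d+) connections across (\d+) hosts")
# Closing summary alert for one detected scan.
END = re.compile(r"End of portscan from (\S+): TOTAL time\((\d+)s\) "
                 r"hosts\((\d+)\) TCP\((\d+)\) UDP\((\d+)\)")

def summarize(lines, fanout_ratio=1.2):
    """Collapse spp_portscan alerts into one record per source address.

    fanout_ratio is an assumed cut-off: at or below it the source made about
    one connection per destination host ("fan-out"); above it the source hit
    several ports per host ("multi-port").
    """
    acc = defaultdict(lambda: {"alerts": 0, "conns": 0, "hosts": 0,
                               "seconds": 0, "end_conns": 0, "end_hosts": 0})
    for line in lines:
        if (m := STATUS.search(line)):
            rec = acc[m[1]]
            rec["conns"] += int(m[2])
            rec["hosts"] += int(m[3])
        elif (m := END.search(line)):
            rec = acc[m[1]]
            rec["seconds"] += int(m[2])
            rec["end_hosts"] += int(m[3])
            rec["end_conns"] += int(m[4]) + int(m[5])
        else:
            continue  # not a spp_portscan alert
        rec["alerts"] += 1
    out = {}
    for src, rec in acc.items():
        # Prefer interval sums; fall back to end-of-scan totals if none were seen.
        conns, hosts = ((rec["conns"], rec["hosts"]) if rec["hosts"]
                        else (rec["end_conns"], rec["end_hosts"]))
        ratio = round(conns / hosts, 2) if hosts else None
        shape = ("unknown" if ratio is None
                 else "fan-out" if ratio <= fanout_ratio else "multi-port")
        out[src] = dict(rec, ratio=ratio, shape=shape)
    return out

# Constructed sample lines modelled on the excerpt; addresses are placeholders.
SAMPLE = [
    "[snort] spp_portscan: End of portscan from 192.0.2.10: TOTAL time(857s) hosts(7303) TCP(7479) UDP(0) 2004-09-01 19:15:30",
    "#1-(11-366) [snort] spp_portscan from 192.0.2.10: 3 connections across 3 hosts: TCP(3), UDP(0) 2004-09-01 19:15:24",
    "#2-(11-365) [snort] spp_portscan from 192.0.2.10: 21 connections across 21 hosts: TCP(21), UDP(0) 2004-09-01 19:15:16",
    "#3-(11-364) [snort] spp_portscan from 198.51.100.7: 40 connections across 2 hosts: TCP(40), UDP(0) 2004-09-01 19:15:11",
]

if __name__ == "__main__":
    for src, rec in summarize(SAMPLE).items():
        print(src, rec["alerts"], "alerts,", rec["ratio"], "conns/host,", rec["shape"])
```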