Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-01-2004, 06:19 PM   #1
Registered: Feb 2004
Location: Ottawa, Ontario, Can
Distribution: Slackware, ubuntu
Posts: 391

Rep: Reputation: 31
Snort detects loads of portscans from.. uh.. myself??

Snort is showing me huge amounts of appearent port scans all originating from my ip. This seems to be happening even when i'm idle and not using any internet apps, but i see a huge spike when I start using Gnutella. Here's an excerpt:

  [snort] spp_portscan: End of portscan from xxxxxx: TOTAL time(857s) hosts(7303) TCP(7479) UDP(0)    	    2004-09-01 19:15:30    	    xxxxx    	    unknown     	    IP    
      	   #1-(11-366)    	   [snort] spp_portscan from xxxxxx: 3 connections across 3 hosts: TCP(3), UDP(0)    	   2004-09-01 19:15:24    	   xxxxx    	   unknown    	   IP   
      	   #2-(11-365)    	   [snort] spp_portscan from xxxxxx: 21 connections across 21 hosts: TCP(21), UDP(0)    	   2004-09-01 19:15:16    	  xxxxx 	   unknown    	   IP   
      	   #3-(11-364)    	   [snort] spp_portscan from xxxxxx: 16 connections across 16 hosts: TCP(16), UDP(0)    	   2004-09-01 19:15:11    	   xxxxx    	   unknown    	   IP   
      	   #4-(11-363)    	   [snort] spp_portscan from xxxxxx: 28 connections across 28 hosts: TCP(28), UDP(0)    	   2004-09-01 19:15:06    	   xxxxxx   	   unknown    	   IP   
      	   #5-(11-362)    	   [snort] spp_portscan from xxxxxx: 19 connections across 19 hosts: TCP(19), UDP(0)    	   2004-09-01 19:15:01    	   xxxxx    	   unknown    	   IP   
      	   #6-(11-361)    	   [snort] spp_portscan from xxxxxx: 26 connections across 26 hosts: TCP(26), UDP(0)    	   2004-09-01 19:14:56    	  xxxxx   	   unknown    	   IP   
      	   #7-(11-360)    	   [snort] spp_portscan from xxxxxx: 37 connections across 37 hosts: TCP(37), UDP(0)    	   2004-09-01 19:14:51    	  xxxxx   	   unknown    	   IP   
      	   #8-(11-359)    	   [snort] spp_portscan from xxxxxx: 22 connections across 22 hosts: TCP(22), UDP(0)
They are all originating from my external ip address. I'm assuming these are false positives, but how do I stop them? They are making my logs basically unreadable.

Last edited by sh1ft; 09-01-2004 at 06:21 PM.
Old 09-01-2004, 08:25 PM   #2
Senior Member
Registered: Oct 2002
Location: Belgium
Distribution: Debian, Free/OpenBSD
Posts: 1,123

Rep: Reputation: 47
Some advice I once got:


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Solaris 9 detects only one LUN Elec490 Solaris / OpenSolaris 2 11-19-2005 09:56 PM
Error when starting up snort: bash:!/bin/sh/usr/local/bin/snort :Eent not found cynthia_thomas Linux - Software 1 11-11-2005 02:59 PM
snort failed: snort: symbol lookup error: undefined symbol: usmAES192PrivProtocol Emmanuel_uk Linux - Security 1 07-10-2005 10:29 AM
Detects Soundcard, but I don't get sound SkyeFyre Fedora 7 02-19-2005 05:17 PM
installed dropline, root loads kde3.2, user loads drop pgrimes Linux - Software 7 06-28-2004 06:11 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:16 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration