[luau] Help deciphering portscan entries in /var/log/messages
Ben Beeson
beesond001 at hawaii.rr.com
Wed Dec 11 22:42:00 PST 2002
Aloha,
I have several entries in my router's /var/log/messages that look like this
one.
Dec 11 20:12:50 router snort: [117:1:1] (spp_portscan2) Portscan detected
from 66.8.222.33: 6 targets 9 ports in 20 seconds {TCP} 66.8.222.33:49582 ->
12.246.156.221:6346
I'm curious why the log shows two IP addresses that aren't mine. Is that
because snort is seeing the traffic pass my external interface, or is
something else up? Obviously something is triggering snort, but I'm not sure
it isn't something innocent like a IPC chat session or something like it.
Any ideas???
Mahalos in advance,
Ben
More information about the LUAU
mailing list