snort log


Subject: snort log
From: JEREMY HODDER (jeremy@jdhodder.no-ip.com)
Date: Mon May 26 2003 - 20:56:33 AKDT


I was going through my logs and was wondering, should I be worrying about any
of these? Is there a good way to test my firewall?

thanks

Jeremy
jeremy@jhodder.no-ip.com

SmoothWall IDS snort log
Date: 25 May

Date: 05/25 05:11:23
Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83 (THRESHOLD 4
connections exceeded in 2 seconds)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:12:03
Name: spp_portscan: portscan status from 207.217.120.83: 7 connections
across 1 hosts: TCP(0), UDP(7)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:12:37
Name: spp_portscan: portscan status from 207.217.120.83: 4 connections
across 1 hosts: TCP(0), UDP(4)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:14:23
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:15:35
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:20:54
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:22:17
Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL time(573s)
hosts(1) TCP(0) UDP(14)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:29:46
Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83 (THRESHOLD 4
connections exceeded in 2 seconds)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:30:02
Name: spp_portscan: portscan status from 207.217.120.83: 7 connections
across 1 hosts: TCP(0), UDP(7)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:30:47
Name: spp_portscan: portscan status from 207.217.120.83: 5 connections
across 1 hosts: TCP(0), UDP(5)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:31:08
Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
across 1 hosts: TCP(0), UDP(2)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:32:18
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:33:08
Name: spp_portscan: portscan status from 207.217.120.83: 3 connections
across 1 hosts: TCP(0), UDP(3)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:34:15
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:34:36
Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
across 1 hosts: TCP(0), UDP(2)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:34:50
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:35:09
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:35:54
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:38:14
Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
across 1 hosts: TCP(0), UDP(2)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:39:04
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:39:20
Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
across 1 hosts: TCP(0), UDP(2)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:39:32
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:40:12
Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL time(588s)
hosts(1) TCP(0) UDP(30)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:49:32
Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83 (THRESHOLD 4
connections exceeded in 2 seconds)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:49:36
Name: spp_portscan: portscan status from 207.217.120.83: 6 connections
across 1 hosts: TCP(0), UDP(6)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:49:43
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:49:59
Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
across 1 hosts: TCP(0), UDP(2)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:50:54
Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
across 1 hosts: TCP(0), UDP(2)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:51:04
Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL time(84s)
hosts(1) TCP(0) UDP(11)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:52:21
Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83 (THRESHOLD 4
connections exceeded in 3 seconds)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:53:11
Name: spp_portscan: portscan status from 207.217.120.83: 6 connections
across 1 hosts: TCP(0), UDP(6)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:54:30
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:54:39
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:54:57
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:55:31
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:56:20
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:56:28
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:56:43
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:56:59
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:57:21
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:58:04
Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL time(303s)
hosts(1) TCP(0) UDP(15)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 06:32:59
Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83 (THRESHOLD 4
connections exceeded in 2 seconds)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 06:35:55
Name: spp_portscan: portscan status from 207.217.120.83: 9 connections
across 1 hosts: TCP(0), UDP(9)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 06:37:20
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 06:39:52
Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL time(263s)
hosts(1) TCP(0) UDP(10)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 08:16:43
Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83 (THRESHOLD 4
connections exceeded in 4 seconds)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 08:20:57
Name: spp_portscan: portscan status from 207.217.120.83: 6 connections
across 1 hosts: TCP(0), UDP(6)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 08:34:37
Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL time(258s)
hosts(1) TCP(0) UDP(6)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 11:54:24
Name: ICMP PING NMAP
Priority: 2
Type: Attempted Information Leak
IP Info: 216.79.10.141:n/a -> 12.17.141.226:n/a
Refs: http://www.whitehats.com/info/IDS162,

Date: 05/25 13:42:05
Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83 (THRESHOLD 4
connections exceeded in 3 seconds)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 13:43:18
Name: spp_portscan: portscan status from 207.217.120.83: 5 connections
across 1 hosts: TCP(0), UDP(5)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 13:44:06
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 13:48:05
Name: spp_portscan: portscan status from 207.217.120.83: 3 connections
across 1 hosts: TCP(0), UDP(3)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 13:49:32
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 13:49:57
Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
across 1 hosts: TCP(0), UDP(1)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 14:00:42
Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL time(475s)
hosts(1) TCP(0) UDP(11)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 15:10:00
Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83 (THRESHOLD 4
connections exceeded in 3 seconds)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 15:10:36
Name: spp_portscan: portscan status from 207.217.120.83: 9 connections
across 1 hosts: TCP(0), UDP(9)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 15:17:30
Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL time(39s)
hosts(1) TCP(0) UDP(9)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

SmoothWall IDS snort log
Date: 26 May

Date: 05/26 08:58:38
Name: spp_portscan: PORTSCAN DETECTED from 204.60.137.10 (STEALTH)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/26 08:58:38
Name: SCAN SYN FIN
Priority: 2
Type: Attempted Information Leak
IP Info: 204.60.137.10:8000 -> 12.17.141.226:8000
Refs: http://www.whitehats.com/info/IDS198,

Date: 05/26 09:01:46
Name: spp_portscan: portscan status from 204.60.137.10: 1 connections across
1 hosts: TCP(1), UDP(0) STEALTH
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/26 09:07:39
Name: spp_portscan: End of portscan from 204.60.137.10: TOTAL time(0s)
hosts(1) TCP(1) UDP(0) STEALTH
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/26 13:41:31
Name: ICMP PING NMAP
Priority: 2
Type: Attempted Information Leak
IP Info: 216.79.10.141:n/a -> 12.17.141.226:n/a
Refs: http://www.whitehats.com/info/IDS162,
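
One way to condense a log like the one above into per-source totals before deciding which entries deserve attention. This is an added example, not part of the original post; it assumes the SmoothWall record layout shown above (Date/Name/Priority/Type/IP Info/Refs), and `parse` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter, defaultdict

# Three records copied from the log in the post above (wrapped lines kept).
SAMPLE = """\
Date: 05/25 05:22:17
Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL time(573s)
hosts(1) TCP(0) UDP(14)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/25 05:40:12
Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL time(588s)
hosts(1) TCP(0) UDP(30)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/26 08:58:38
Name: SCAN SYN FIN
Priority: 2
Type: Attempted Information Leak
IP Info: 204.60.137.10:8000 -> 12.17.141.226:8000
Refs: http://www.whitehats.com/info/IDS198,
"""
FIELDS = r"(?:Date|Name|Priority|Type|IP Info|Refs):"
END = re.compile(r"End of portscan from (\S+): TOTAL time\((\d+)s\) "
                 r"hosts\(\d+\) TCP\((\d+)\) UDP\((\d+)\)")

def parse(text):
    """One dict per alert; lines the mail client wrapped are re-joined."""
    blocks = re.split(r"\n(?=Date: )", text.strip())
    flat = (re.sub(r"\n(?!" + FIELDS + ")", " ", b) for b in blocks)
    return [dict(l.split(":", 1) for l in f.splitlines() if ":" in l)
            for f in flat]

def summarize(recs):
    """Return ({src: [sessions, seconds, tcp, udp]}, Counter[(rule, src)])."""
    scans, alerts = defaultdict(lambda: [0, 0, 0, 0]), Counter()
    for r in recs:
        name = r.get("Name", "").strip()
        if m := END.search(name):
            src, *nums = m.groups()
            scans[src] = [a + b for a, b in zip(scans[src], [1, *map(int, nums)])]
        elif name and "spp_portscan" not in name:
            alerts[name, r.get("IP Info", "?").split(":")[0].strip()] += 1
    return dict(scans), alerts
```

Only the "End of portscan" records are summed, since each one already carries the totals for its session; the DETECTED and status lines in between are skipped to avoid double counting.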




This archive was generated by hypermail 2a23 : Mon May 26 2003 - 20:56:32 AKDT