Re: snort log


Subject: Re: snort log
From: i-robot@gci.net
Date: Tue May 27 2003 - 06:05:48 AKDT


Funny seeing those again! I posted the same attack a month or two ago.
They should stop soon...

Adam

----- Original Message -----
From: JEREMY HODDER <jeremy@jdhodder.no-ip.com>
Date: Tuesday, May 27, 2003 0:56 am
Subject: snort log

>
> I was going through my logs and was wondering should I be worrying about
> any of these? Is there a good way to test my firewall?
>
> thanks
>
> Jeremy
> jeremy@jhodder.no-ip.com
>
> SmoothWall IDS snort log
> Date: 25 May
>
> Date: 05/25 05:11:23
> Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83
> (THRESHOLD 4
> connections exceeded in 2 seconds)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:12:03
> Name: spp_portscan: portscan status from 207.217.120.83: 7 connections
> across 1 hosts: TCP(0), UDP(7)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:12:37
> Name: spp_portscan: portscan status from 207.217.120.83: 4 connections
> across 1 hosts: TCP(0), UDP(4)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:14:23
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:15:35
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:20:54
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:22:17
> Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL
> time(573s)hosts(1) TCP(0) UDP(14)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:29:46
> Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83
> (THRESHOLD 4
> connections exceeded in 2 seconds)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:30:02
> Name: spp_portscan: portscan status from 207.217.120.83: 7 connections
> across 1 hosts: TCP(0), UDP(7)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:30:47
> Name: spp_portscan: portscan status from 207.217.120.83: 5 connections
> across 1 hosts: TCP(0), UDP(5)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:31:08
> Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
> across 1 hosts: TCP(0), UDP(2)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:32:18
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:33:08
> Name: spp_portscan: portscan status from 207.217.120.83: 3 connections
> across 1 hosts: TCP(0), UDP(3)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:34:15
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:34:36
> Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
> across 1 hosts: TCP(0), UDP(2)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:34:50
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:35:09
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:35:54
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:38:14
> Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
> across 1 hosts: TCP(0), UDP(2)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:39:04
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:39:20
> Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
> across 1 hosts: TCP(0), UDP(2)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:39:32
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:40:12
> Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL
> time(588s)hosts(1) TCP(0) UDP(30)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:49:32
> Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83
> (THRESHOLD 4
> connections exceeded in 2 seconds)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:49:36
> Name: spp_portscan: portscan status from 207.217.120.83: 6 connections
> across 1 hosts: TCP(0), UDP(6)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:49:43
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:49:59
> Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
> across 1 hosts: TCP(0), UDP(2)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:50:54
> Name: spp_portscan: portscan status from 207.217.120.83: 2 connections
> across 1 hosts: TCP(0), UDP(2)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:51:04
> Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL
> time(84s)hosts(1) TCP(0) UDP(11)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:52:21
> Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83
> (THRESHOLD 4
> connections exceeded in 3 seconds)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:53:11
> Name: spp_portscan: portscan status from 207.217.120.83: 6 connections
> across 1 hosts: TCP(0), UDP(6)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:54:30
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:54:39
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:54:57
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:55:31
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:56:20
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:56:28
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:56:43
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:56:59
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:57:21
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 05:58:04
> Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL
> time(303s)hosts(1) TCP(0) UDP(15)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 06:32:59
> Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83
> (THRESHOLD 4
> connections exceeded in 2 seconds)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 06:35:55
> Name: spp_portscan: portscan status from 207.217.120.83: 9 connections
> across 1 hosts: TCP(0), UDP(9)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 06:37:20
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 06:39:52
> Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL
> time(263s)hosts(1) TCP(0) UDP(10)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 08:16:43
> Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83
> (THRESHOLD 4
> connections exceeded in 4 seconds)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 08:20:57
> Name: spp_portscan: portscan status from 207.217.120.83: 6 connections
> across 1 hosts: TCP(0), UDP(6)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 08:34:37
> Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL
> time(258s)hosts(1) TCP(0) UDP(6)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 11:54:24
> Name: ICMP PING NMAP
> Priority: 2
> Type: Attempted Information Leak
> IP Info: 216.79.10.141:n/a -> 12.17.141.226:n/a
> Refs: http://www.whitehats.com/info/IDS162,
>
> Date: 05/25 13:42:05
> Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83
> (THRESHOLD 4
> connections exceeded in 3 seconds)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 13:43:18
> Name: spp_portscan: portscan status from 207.217.120.83: 5 connections
> across 1 hosts: TCP(0), UDP(5)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 13:44:06
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 13:48:05
> Name: spp_portscan: portscan status from 207.217.120.83: 3 connections
> across 1 hosts: TCP(0), UDP(3)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 13:49:32
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 13:49:57
> Name: spp_portscan: portscan status from 207.217.120.83: 1 connections
> across 1 hosts: TCP(0), UDP(1)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 14:00:42
> Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL
> time(475s)hosts(1) TCP(0) UDP(11)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 15:10:00
> Name: spp_portscan: PORTSCAN DETECTED from 207.217.120.83
> (THRESHOLD 4
> connections exceeded in 3 seconds)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 15:10:36
> Name: spp_portscan: portscan status from 207.217.120.83: 9 connections
> across 1 hosts: TCP(0), UDP(9)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/25 15:17:30
> Name: spp_portscan: End of portscan from 207.217.120.83: TOTAL
> time(39s)hosts(1) TCP(0) UDP(9)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
>
> SmoothWall IDS snort log
> Date: 26 May
>
> Date: 05/26 08:58:38
> Name: spp_portscan: PORTSCAN DETECTED from 204.60.137.10 (STEALTH)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/26 08:58:38
> Name: SCAN SYN FIN
> Priority: 2
> Type: Attempted Information Leak
> IP Info: 204.60.137.10:8000 -> 12.17.141.226:8000
> Refs: http://www.whitehats.com/info/IDS198,
>
> Date: 05/26 09:01:46
> Name: spp_portscan: portscan status from 204.60.137.10: 1
> connections across
> 1 hosts: TCP(1), UDP(0) STEALTH
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/26 09:07:39
> Name: spp_portscan: End of portscan from 204.60.137.10: TOTAL time(0s)
> hosts(1) TCP(1) UDP(0) STEALTH
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/26 13:41:31
> Name: ICMP PING NMAP
> Priority: 2
> Type: Attempted Information Leak
> IP Info: 216.79.10.141:n/a -> 12.17.141.226:n/a
> Refs: http://www.whitehats.com/info/IDS162,
>
>
>
>
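A way to triage a log like the one quoted above: an added example, not part of either message, that undoes the mail quoting and line wrapping and totals the spp_portscan "End of portscan" records per source address. The sample records are constructed with documentation addresses, and the names `names` and `summarize` are illustrative.

```python
import re

# Constructed sample in the layout of the quoted SmoothWall log
# (documentation addresses, not the hosts from the post).
SAMPLE = """\
> Date: 05/25 05:22:17
> Name: spp_portscan: End of portscan from 192.0.2.10: TOTAL
> time(573s)hosts(1) TCP(0) UDP(14)
> Priority: n/a
>
> Date: 05/25 05:40:12
> Name: spp_portscan: End of portscan from 192.0.2.10: TOTAL
> time(588s)hosts(1) TCP(0) UDP(30)
> Priority: n/a
>
> Date: 05/26 08:58:38
> Name: spp_portscan: PORTSCAN DETECTED from 198.51.100.7 (STEALTH)
> Priority: n/a
>
> Date: 05/26 09:07:39
> Name: spp_portscan: End of portscan from 198.51.100.7: TOTAL time(0s)
> hosts(1) TCP(1) UDP(0) STEALTH
> Priority: n/a
"""

END = re.compile(r"End of portscan from (\S+): TOTAL\s*time\((\d+)s\)\s*"
                 r"hosts\((\d+)\)\s*TCP\((\d+)\)\s*UDP\((\d+)\)\s*(STEALTH)?")

def names(text):
    """Yield each alert's Name field with '>' quoting and line wraps undone."""
    name = None
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if line.startswith("Name:"):
            name = line[5:].strip()
        elif name is not None and re.match(r"(Priority|Type|IP Info|Refs|Date):", line):
            yield name          # the next field closes a wrapped Name
            name = None
        elif name is not None and line:
            name += " " + line  # continuation of a wrapped Name

def summarize(text):
    """Per source address: finished scan episodes, probe totals, stealth flag."""
    out = {}
    for m in filter(None, map(END.search, names(text))):
        src, secs, _hosts, tcp, udp, stealth = m.groups()
        s = out.setdefault(src, {"episodes": 0, "secs": 0, "tcp": 0, "udp": 0, "stealth": False})
        for key, val in (("episodes", 1), ("secs", secs), ("tcp", tcp), ("udp", udp)):
            s[key] += int(val)
        s["stealth"] |= stealth is not None
    return out
```
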




This archive was generated by hypermail 2a23 : Tue May 27 2003 - 06:05:52 AKDT