Re: Confessions of a reluctant port scanner
On Sun, Jul 13, 2003 at 07:42:29PM -0700, Bruce Banner wrote:
> It doesn't look like anything to worry about; they are
> false positives leaving your network. Your network is
> a private network, 192.168.1.x, and the false attacks
> are you hitting a DNS, probably your DNS, and your
> network hitting a website. 192.168.1 is a private
> network range; that means they are unroutable on the
> public internet unless statically routed. I would say
> they are false positives. When running nmap, run it on
> your eth0 interface as opposed to your loopback; this
> can give different results. Check your home_net and
> DNS server entries in snort.conf.
>
Thanks, your explanation makes sense. I've taken a stab at configuring
snort.conf -- I hadn't looked at it before.
>
> There is a script in cron.weekly that starts lpd once
> a week.
So there is! (This had me more worried than the port scans...)
And good call about Slashdot -- I _was_ browsing there about that time,
and I was scanning Exodus too.
Thanks again for your help, Bruce.
Patrick