sendmail triggers "portsweep" in snort?

To: <debian-user@lists.debian.org>
Subject: sendmail triggers "portsweep" in snort?
From: Erik Dörnbach <doernbach@elge.de>
Date: Thu, 22 Sep 2005 15:34:48 +0200
Message-id: <[🔎] 883F9500AE0CAC4C9FBB72C9E09D89C5ECC517@lgexchange.elge.intern>

Hello list,

just installed snort out of curiosity on my network with the plain debian default rules. In the reports generated I found one of my sendmail servers doing portsweeps to remote adresses adresses.

Upon further investigation I found out that the destination of each occured portsweep is also logged by the same sendmail as

...rejecting commands from [a.b.c.d] [a.b.c.d] due to pre-greeting traffic

Now I wonder what this should tell me, these are propably some people's spambots which unpolitly don't wait for the server to greet them, sure... but why and what does snort detect as a portsweep (what's a portsweep anyway, some kind of portscan method?).

I'm pretty confident the server is safe and not compromised, anyone with a clue?


Erik

Reply to:

Prev by Date: Re: Cannon BJC-1000 printer software
Next by Date: Re: Cann0n BJC-1ooo print3r s0ftware
Previous by thread: Re: Cann0n BJC-1ooo print3r s0ftware
Next by thread: NUM Lock , Home, End
Index(es):
- Date
- Thread