hallo! hab grade in meine snortlogs geschaut und siehe da:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 | IPCop IDS snort log Date: 24 Mai Date: 05/24 20:22:11 Name: (portscan) TCP Portsweep Priority: 2 Type: Attempted Information Leak IP Info: 192.168.178.24 -> 213.95.41.4 SID: n/a Refs: Date: 05/24 22:58:49 Name: (portscan) TCP Portsweep Priority: 2 Type: Attempted Information Leak IP Info: 192.168.179.90 -> 213.95.41.4 SID: n/a Refs: Date: 05/24 22:58:49 Name: (portscan) TCP Portscan Priority: 2 Type: Attempted Information Leak IP Info: 192.168.179.90 -> 213.95.41.4 SID: n/a Refs: Date: 05/24 22:59:34 Name: (portscan) TCP Portsweep Priority: 2 Type: Attempted Information Leak IP Info: 192.168.179.90 -> 68.232.35.121 SID: n/a Refs: Date: 05/24 23:05:10 Name: (portscan) TCP Portsweep Priority: 2 Type: Attempted Information Leak IP Info: 192.168.178.24 -> 213.95.41.4 SID: n/a Refs: Date: 05/24 23:05:10 Name: (portscan) TCP Portsweep Priority: 2 Type: Attempted Information Leak IP Info: 192.168.179.90 -> 213.95.41.4 SID: n/a Refs: Date: 05/24 23:07:02 Name: (portscan) TCP Portsweep Priority: 2 Type: Attempted Information Leak IP Info: 192.168.179.90 -> 213.95.41.4 SID: n/a Refs: |
was ist los?
edit: nun versucht es canonical:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | Date: 05/24 23:15:48 Name: (portscan) TCP Portsweep Priority: 2 Type: Attempted Information Leak IP Info: 192.168.178.24 -> 91.189.92.11 SID: n/a Refs: Date: 05/24 23:15:48 Name: (portscan) TCP Portsweep Priority: 2 Type: Attempted Information Leak IP Info: 192.168.179.90 -> 91.189.92.11 SID: n/a Refs: |