I get a daily report from snort which claims all sort of
ICMP Destination Unreachable (Communication Administratively Prohibited)
and
(spp_portscan2) Portscan detected from 132.66.40.250: 21 targets 21
ports in 1 seconds
The IPs appearing in this report don't apear in any of the
/var/log/{messages|kern.log|syslog}.
The ICMP connections are incoming (does this message mean they were
dropped on something else was done with them).
The strange thing is that the portscans seem to originate from my
computer according to snort, although I didn't run any portscans.
Also, some of the connections reported are from and to IPs unrelated to
the network I am on.
This traffic always accures behind the university firewall, on my local
IP there.
What do these messages mean and should I be alarmed?
I am running shorewall and if I understood the settings correctly it
should allow all outgoing traffic and incoming traffic to ftp and ssh
only from 2 specific subnets, and all traffic to mldonkey ports
(although I should probably block those since the uni firewall is
blocking them also anyway).-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
