Any ideas why Snort is logging portscans from 2 of my provider's DNS servers? I see this every day. It's making only UDP connections based on the log:

Mar 19 13:00:47 myhost snort: spp_portscan: portscan status from +216.148.227.68: 6 connections across 1 hosts: TCP(0), UDP(6)

I think this is due to the DNS servers making several connections in my firewall/nat gateway in a short period of time. But I'm not sure.

thanks,
jc

--
Jeff Coppock    Systems Engineer
Diggin' Debian  Admin and User

