Aloha,
I have several entries in my router's /var/log/messages that look like
this
one.
Dec 11 20:12:50 router snort: [117:1:1] (spp_portscan2) Portscan detected
from 66.8.222.33: 6 targets 9 ports in 20 seconds {TCP} 66.8.222.33:49582 ->
12.246.156.221:6346
I'm curious why the log shows two IP addresses that aren't mine. Is that
because snort is seeing the traffic pass my external interface, or is
something else up? Obviously something is triggering snort, but I'm not sure
it isn't something innocent like a IPC chat session or something like it.
Any ideas???
Mahalos in advance,
Ben
