Snort mailing list archives
How do you know...
From: Colin Wu <wucolin () mcmaster ca>
Date: Fri, 08 Jun 2001 16:56:09 -0400
Over the past few days we have received a number of scans and each time Snort picks it up just fine. My questions is: Other than going over the log line-by-line, how can I tell if a system on my network answered the probe and is now a candidate for compromise. My network is a /16 so it's not a small problem. I'm thinking it may mean writing my own log scanner but just wanted to check with you folks in case someone's already invented the wheel. Thanks. -- __ _ _ Network Analyst / ) // ' ) / Computing & Information Services / __|/ o ____ / / / . . McMaster University (__/ (_) \_<_/ / <_ (_(_/ (_/_ (905)525-9140 ext 24050 http://netman.McMaster.CA _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How do you know... Colin Wu (Jun 08)
- Re: How do you know... Brian Caswell (Jun 08)
- Re: How do you know... Andreas Östling (Jun 09)