Snort mailing list archives

Previous By Date Next
Previous By Thread Next

How do you know...

From: Colin Wu <wucolin () mcmaster ca>
Date: Fri, 08 Jun 2001 16:56:09 -0400
Over the past few days we have received a number of scans and each time
Snort picks it up just fine.  My questions is: Other than going over the
log line-by-line, how can I tell if a system on my network answered the
probe and is now a candidate for compromise.  My network is a /16 so
it's not a small problem.  I'm thinking it may mean writing my own log
scanner but just wanted to check with you folks in case someone's
already invented the wheel.

Thanks.

--

   __     _             _            Network Analyst
  /  )   //            ' )   /       Computing & Information Services
 /    __|/  o ____      / / / . .    McMaster University
(__/ (_) \_<_/ / <_    (_(_/ (_/_    (905)525-9140 ext 24050
                                     http://netman.McMaster.CA



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: