Snort mailing list archives
Hey who use SWATCH!?? when there is an scan, i get too many mails on root () domain com
From: soldier Mx <soldi3rmx () yahoo com mx>
Date: Wed, 14 Jan 2004 18:48:08 -0600 (CST)
Yes... when I scan my system or somebody does... I get like 15 mails of the scan.. and I just want ONE mail.. here is my configuration .swatchrc file..

watchfor /spp_portscan/
        bell
        echo normal
        mail root () linux mty itesm mx,Subject=--- ! Snort alert! --- Hicieron un Escaneo$exec echo $0 >> /var/log/messages
        throttle 00:30:10

watchfor /EXPLOIT/
        bell
        echo normal
        mail root () linux mty itesm mx,Subject=--- ! Snort alert! --- Trataron de hackear$exec echo $0 >> /var/log/messages
        throttle 00:02:10

... and more..

I wrote 30 minutes in the throttle, because if I'm not wrong it means that if the rule is matched again it will ignore it for like 30 minutes... what to do.. I had it as 1 min, but it was sending a lot of mails also.. in ONE scan with nmap

#nmap -v -sS -O host.com

My best regards!! Thanks everybody

Bye from .mx
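As an added illustration (not part of the original post and not swatch's own code), the following Python models a throttle window over constructed spp_portscan lines and counts the mails produced when suppression is keyed on the exact message text, on the rule, or on the scanning host. The log lines, the function names and the assumption that a throttle compares message text are this example's, not the poster's.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the post), modelled on the
# spp_portscan preprocessor: one scan logs several different messages.
SAMPLE_LOG = """\
Jan 14 18:40:01 ids snort: spp_portscan: PORTSCAN DETECTED from 192.0.2.10 (THRESHOLD 4 connections exceeded in 0 seconds)
Jan 14 18:40:05 ids snort: spp_portscan: portscan status from 192.0.2.10: 118 connections across 1 hosts: TCP(118), UDP(0) STEALTH
Jan 14 18:40:09 ids snort: spp_portscan: portscan status from 192.0.2.10: 342 connections across 1 hosts: TCP(342), UDP(0) STEALTH
Jan 14 18:40:20 ids snort: spp_portscan: End of portscan from 192.0.2.10: TOTAL time(15s) hosts(1) TCP(460) UDP(0) STEALTH
Jan 14 18:40:30 ids snort: spp_portscan: PORTSCAN DETECTED from 198.51.100.7 (THRESHOLD 4 connections exceeded in 0 seconds)
Jan 14 19:15:00 ids snort: spp_portscan: PORTSCAN DETECTED from 192.0.2.10 (THRESHOLD 4 connections exceeded in 0 seconds)
"""

def parse_window(spec):
    """Turn an HH:MM:SS throttle value such as 00:30:10 into a timedelta."""
    hours, minutes, seconds = (int(part) for part in spec.split(":"))
    return timedelta(hours=hours, minutes=minutes, seconds=seconds)

def split_line(line):
    """Split a syslog line into (timestamp, message without the timestamp)."""
    stamp = datetime.strptime("2004 " + line[:15], "%Y %b %d %H:%M:%S")
    return stamp, line[16:]

# Three candidate throttle keys (hypothetical names used only here).
def by_message(msg):
    return msg                       # exact text of the matched line

def by_rule(msg):
    return "spp_portscan"            # one key for the whole watchfor rule

def by_source(msg):
    found = re.search(r"from (\d+\.\d+\.\d+\.\d+)", msg)
    return found.group(1) if found else msg   # one key per scanning host

def count_mails(log, pattern, window_spec, key_func):
    """Count mails sent when repeats of a key are dropped for one window."""
    window, last_sent, mails = parse_window(window_spec), {}, 0
    for line in log.splitlines():
        if not re.search(pattern, line):
            continue
        stamp, msg = split_line(line)
        key = key_func(msg)
        if key not in last_sent or stamp - last_sent[key] >= window:
            last_sent[key] = stamp   # window restarts only when a mail goes out
            mails += 1
    return mails

if __name__ == "__main__":
    for key_func in (by_message, by_rule, by_source):
        print(key_func.__name__, count_mails(SAMPLE_LOG, r"spp_portscan", "00:30:10", key_func))
```

Keying on the rule gives the fewest mails but also hides the second scanning host inside the same window; keying on the source address keeps one mail per scanner.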