Snort mailing list archives
RE: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts..
From: "Chris N" <chris.northrop () po state ct us>
Date: Fri, 2 Jan 2004 08:09:14 -0800
Simple, just set the source to $HOMENET. Since I don't expect a lot of internal machines to become infected, thresholding wouldn't help me out to much. If things change I could always play around with thresholding at later time. -----Original Message----- From: Brice B [mailto:nesta () iceburg net] Sent: Wednesday, December 31, 2003 6:21 PM To: chris.northrop () po state ct us; snort-users () lists sourceforge net Subject: Re: [Snort-users] SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Chris, would you mind telling us how you set it to alert only internal Cyberkit/Nachi ping attempts? Did you use thresholding? Regards, Brice Burgess Chris N wrote:
Fellowship of the Snort, I guess I should have clarified that all the "CyberKit 2.2 Ping" alerts
were
ingress only. Some of you guys suggested just removing the alert. Yes that would stop the chaos, but I didn't want to blind myself. Although, I do have to admit I
was
leaning this way. With the advise from a few others I decided to keep the rule, but with a slight modification to alert me on egress only. I am only really concerned about systems within my network. Yes, keeping track of this traffic from
the
outside would be a good idea, but in my environment its not feasible. Someday, when I'm questioned about the necessity of an IDS, I will switch this alert and a few others back to saturate, so as to subdue the misinformed. Thank you for your time Chris N.
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Brice B (Dec 31)
- Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Jeff Kell (Dec 31)
- Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Jeff Kell (Dec 31)
- Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Paul Schmehl (Dec 31)
- Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Jim Brown (Jan 03)
- Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Paul Schmehl (Jan 03)
- Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Jeff Kell (Dec 31)
- RE: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Chris N (Jan 02)
- <Possible follow-ups>
- Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Simon Smith (Dec 31)