Snort mailing list archives

Previous By Date Next
Previous By Thread Next

any info about the interface

From: deny <deny () linux-pour-lesnuls com>
Date: Fri, 16 Jan 2004 19:01:24 +0100
good afternoon all

i am a french snort newbie
and i search any info about snort interface with acid

my snort works as you can watch here
http://www.linux-pour-lesnuls.com/sec/acid/acid_main.php

first i see several alert
what do you mean "sensor " ?

here is the detail of one alert :
#0-(1-80) [snort] (http\_inspect) NON-RFC HTTP DELIMITER 2004-01-16 18:58:26 192.168.0.3:1133 192.190.109.20:80 TCP 

192.168.0.3 is from my network
but why going to ip 192.109.20 is validing as an alert ?

an alert for me is anything which goes to my network , not from ?


thanks for your help



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: