Snort mailing list archives
any info about the interface
From: deny <deny () linux-pour-lesnuls com>
Date: Fri, 16 Jan 2004 19:01:24 +0100
good afternoon all i am a french snort newbie and i search any info about snort interface with acid my snort works as you can watch here http://www.linux-pour-lesnuls.com/sec/acid/acid_main.php first i see several alert what do you mean "sensor " ? here is the detail of one alert :#0-(1-80) [snort] (http\_inspect) NON-RFC HTTP DELIMITER 2004-01-16 18:58:26 192.168.0.3:1133 192.190.109.20:80 TCP
192.168.0.3 is from my network but why going to ip 192.109.20 is validing as an alert ? an alert for me is anything which goes to my network , not from ? thanks for your help ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- any info about the interface deny (Jan 22)