Snort mailing list archives

How to proceed


From: "Timothy A. Holmes" <tholmes () mcaschool net>
Date: Thu, 10 Nov 2005 11:00:03 -0500

Hi folks:

I am VERY new to using snort, I have it set up and sniffing between our
cable modem and the firewall, and it appears to be running well.

I am seeing alerts show up in BASE.

So I look at a particular alert, and find the following

[snort <http://www.snort.org/pub-bin/sigs.cgi?sid=3>] (portscan) TCP Portsweep
unclassified
15 <https://192.168.0.28/base/base_qry_main.php?new=1&sig%5B0%5D=%3D&sig%5B1%5D=1&sig_type=1&submit=Query+DB&num_result_rows=-1> (0%)
1 <https://192.168.0.28/base/base_stat_sensor.php?sig%5B0%5D=%3D&sig%5B1%5D=1&sig_type=1>
1 <https://192.168.0.28/base/base_stat_uaddr.php?addr_type=1&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=1>
7 <https://192.168.0.28/base/base_stat_uaddr.php?addr_type=2&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=1>
2005-11-09 10:13:55
2005-11-10 10:38:46

I click on the snort link which, if I understand correctly, should take
me to a page which will tell me what the alert means and what I should do
about it (if anything)

And I get the following (this is the link to the page)

http://www.snort.org/pub-bin/sigs.cgi?sid=27

Which basically tells me that the snort database has never heard of this
before

What do I do now???

Did I configure BASE incorrectly or what?

I must confess to being kinda lost

TIM

Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher

Medina Christian Academy
A Higher Standard...

Jeremiah 33:3
Jeremiah 29:11
Esther 4:14
