Snort mailing list archives
Re: VPN Users
From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Fri, 14 May 2010 10:31:09 -0400
Typically this is what you use a SIM tool for. That way you can check what user was assigned what translated VPN IP address at the time that traffic involving that IP triggered the IDS alert by looking for Windows/VPN logs around the time of the alert. Steve On Fri, May 14, 2010 at 9:37 AM, Bill Pickens <wmpickens () gmail com> wrote:
Hello Everyone We have a large VPN user base. IP addresses are changing constantly. Is there a way to capture the hostname in the event detail at the time of the event. Thanks Will ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- VPN Users Bill Pickens (May 14)
- Re: VPN Users Stephen Mullins (May 14)
- Re: VPN Users Jason Haar (May 15)
- Re: VPN Users Stephen Mullins (May 14)