Snort mailing list archives
Re: Aurora Exploit Attempt Alert One Hour Delay
From: Mike Miller <mike () millertwinracing com>
Date: Thu, 23 Jan 2014 14:28:05 -0700
Is it really an hour difference (are you tailing the file live), or could there be some time skew due to Timezone, Daylight Savings, or misconfigured clocks?

On Thu, Jan 23, 2014 at 12:45 PM, LaTonya Hall <lhall () vahna net> wrote:

Fast alert to a text file.

*LaTonya Hall*
*Vahna, Inc. | Cyber Security Solutions*
202.803.6900 x104
1211 Connecticut Ave NW Suite 250
Washington, DC 20036
www.vahna.com

On Jan 23, 2014, at 2:43 PM, Kevin Ross <kevross33 () googlemail com> wrote:

How are you logging this? It is likely either timezone stuff on local system, in barnyard or if using something like Snorby the correct timezone not being set such as GMT. So while the alert is generated the time is appearing as 1 hour later.

On 23 January 2014 16:28, LaTonya Hall <lhall () vahna net> wrote:

There is about a one hour delay from exploit attempt to snort alert…any ideas?

*-LaTonya*

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Aurora Exploit Attempt Alert One Hour Delay LaTonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay waldo kitty (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Kevin Ross (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay LaTonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Mike Miller (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Latonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Mike Miller (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Latonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay James Lay (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay LaTonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Latonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Joel Esler (jesler) (Jan 23)