Snort mailing list archives

Re: resp 2?


From: Neil Dickey <neil () geol niu edu>
Date: Wed, 16 May 2001 13:09:33 -0500 (CDT)


"Ben Johansen" <benj () intelisoft net> wrote asking:

> apparently when I responded to the last it went to the individual instead
> of the list. ??

No, I just replied off-list.  There's no particular reason.  ;-)

> I guess the main question for me now is: Now that I see the hack attempts
> what do I do with them?

I presume from your question that Snort is now loading and the response feature
is working?

Anyway, if you are seeing portscans and other evidence of hacking in your logs
then there are some things you can do with the information, but you probably
won't find them very satisfying in that your antagonist doesn't get vaporized.

One thing to do is to make sure your system software is configured for maximum
security.  If I recall correctly you're using some sort of Windows OS, so you
might want to look into a software firewall such as ZoneAlarm to help keep the
BadGuys(TM) at bay.  This package is free for personal use, and a modest fee
gets you a full-featured version.  There are others, but this is one I'm familiar
with and it's very good.

Make sure that software with known security problems, such as Outlook and Outlook
Express, is rendered harmless.  If you are running an IIS webserver, go to the
Micro$oft site immediately and find out how to keep it from getting hacked.  Don't
let *anything* on your system automatically open attachments or run scripts without
letting you know first and asking for permission.  Backdoors come wrapped in pretty
paper.

Make sure your patches are up-to-date, *especially* those having to do with
security.

There are some websites where you can report scanning and hacking attempts.  One
is ...

  http://aris.securityfocus.com/

... the related BugTraq site, which has a link library ...

  http://www.securityfocus.com/

... and another at ...

  http://www.cert.org

There are more, but these are good places to get started.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115


