Snort mailing list archives
Re: resp 2?
From: Neil Dickey <neil () geol niu edu>
Date: Wed, 16 May 2001 13:09:33 -0500 (CDT)
"Ben Johansen" <benj () intelisoft net> wrote asking:

> Apparently when I responded to the last it went to the individual instead of the list. ??

No, I just replied off-list. There's no particular reason. ;-)

> I guess the main question for me now is: Now that I see the hack attempts, what do I do with them?
I presume from your question that Snort is now loading and the response feature is working? Anyway, if you are seeing portscans and other evidence of hacking in your logs then there are some things you can do with the information, but you probably won't find them very satisfying in that your antagonist doesn't get vaporized.

One thing to do is to make sure your system software is configured for maximum security. If I recall correctly you're using some sort of Windows OS, so you might want to look into a software firewall such as ZoneAlarm to help keep the BadGuys(TM) at bay. This package is free for personal use, and a modest fee gets you a full-featured version. There are others, but this is one I'm familiar with and it's very good.

Make sure that software with known security problems, such as Outlook and Outlook Express, is rendered harmless. If you are running an IIS webserver, go to the Micro$oft site immediately and find out how to keep it from getting hacked. Don't let *anything* on your system automatically open attachments or run scripts without letting you know first and asking for permission. Backdoors come wrapped in pretty paper. Make sure your patches are up-to-date, *especially* those having to do with security.

There are some websites where you can report scanning and hacking attempts. One is ...

http://aris.securityfocus.com/

... the related BugTraq site, which has a link library ...

http://www.securityfocus.com/

... and another at ...

http://www.cert.org

There are more, but these are good places to get started.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois 60115