Snort mailing list archives

Log questions


From: Phil <foo_bar_00 () yahoo com>
Date: Mon, 6 Aug 2001 00:05:47 -0700 (PDT)

Snort users,
I have some questions about my logs:

For starters I have a directory under
/var/log/snortlogs which is my own external IP
address. Everything under the directory is one of the
following two:
  Possible RETRANSMISSION detection [**]
  EVASIVE RST detection [**]

I also have directories for INTERNAL addresses
(home_net is set to my external address while
external_net is set to everything else). I see how
this is possible since it's not my home_net, but since
I NAT everything with IPFilter, this seems strange.
The internal address logs are for the same two things.

So my 2 questions are:
1. Why are there so many of those two kinds of logs?
Are they false alarms? Are they bugs?
2. Why are my external address (which is HOME_NET) and
even my internal NAT'd address getting in the logs?

Thanks,
Phil


