Snort mailing list archives
nimda
From: "Olensky, Sven" <sol () intelispan net>
Date: Tue, 18 Sep 2001 13:13:59 -0400
Check this out: http://208.193.197.48/ That's one of the source IPs. Opens a second window, offers readme.exe as download. Jesus.

-----Original Message-----
From: snortlst snortlst [mailto:snortlst () hotmail com]
Sent: Tuesday, September 18, 2001 12:13 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] General info

I couldn't find the explanation for pretty simple questions on the snort site, so maybe you can clarify this:

1. When you compare traffic to the rules what are the options - alerts are sent to syslog or database, or file, that's o.k., but can you for example drop connection if it conflicts with snort rules? What else can you do to malicious connections?
2. I don't think mysql is an option for me, is ACID simpler to configure than mysql?
3. Can I generate HTML reports if I log to ACID?