Snort mailing list archives
Re: Was my host hijacked?
From: Luiz-Otavio Zorzella <z0079 () zorzella com>
Date: Mon, 02 Jun 2003 17:25:30 -0700
Matt Kettler wrote:

> What source and destination ports were used? This will tell you a whole lot more about what is really going on.

Cool... I think the events were, indeed, just normal web surfing and "bind" stuff.

> For example, the events to 64.141.14.2 are likely just you surfing websites and opening pages with lots of images on them.

I think that was not the case... Which begs the question: is there a way to make SNORT less "frightened" -- i.e. to increase a threshold?
Zorzella