Snort mailing list archives

bittorrent generating alerts


From: Daniel Guido <infiniteedge () speakeasy net>
Date: Thu, 06 Nov 2003 00:31:52 -0500

I'm running a fairly standard install of Snort, no heavy customizations. I seem to be getting a lot of [executable code detected] whenever BitTorrent is running. It's annoying because they're priority 1 alerts. How do I write a rule (I guess a pass rule?) for BitTorrent?

Second, what is the best way to output your logs ON WINDOWS? I was dumping them into a MySQL database, but I had trouble with the post-processing. ACID has too many freakin' dependencies. So I sent it to syslogd and got EventSentry to email me priority 1 alerts, but there's very little data in the emails. I've been using -b so I get tcpdump logs and looking at them in Ethereal, but sometimes they're just too cryptic or don't contain enough of the session for me to tell what's going on. I still don't know how I'm being attacked!? Somebody help!

Dan
P.S. Thank you.
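An added example, not from the original post or from the Snort project, of the pass-rule approach the question asks about. The "[executable code detected]" text is the description of the shellcode-detect classtype in Snort's classification.config, which is why these SHELLCODE alerts carry priority 1. The port range below is the BitTorrent client default and is an assumption; Snort 2.x checks alert rules before pass rules unless it is started with -o (or the equivalent config order line is set), so without that the pass rules never see the packet.

```snort
# Added example, not part of the original post. Goes in snort.conf (or in a
# local.rules file included from it).
#
# Assumption: the BitTorrent client listens on the default 6881-6889 range.
var BITTORRENT_PORTS 6881:6889

# Snort 2.x default rule order is alert, pass, log, so an alert fires before
# a pass rule is consulted. Either start snort with -o or set the order here.
config order: pass alert log

# Peer traffic in either direction on the BitTorrent ports. These pass rules
# silence every rule for those ports, not only the SHELLCODE ones, so keep
# the range as narrow as the client allows. Local rules use sids >= 1000000.
pass tcp $HOME_NET $BITTORRENT_PORTS <> $EXTERNAL_NET any (msg:"BitTorrent peer traffic, not inspected"; sid:1000001; rev:1;)
pass tcp $HOME_NET any <> $EXTERNAL_NET $BITTORRENT_PORTS (msg:"BitTorrent peer traffic, not inspected"; sid:1000002; rev:1;)
```

Check which port the client actually listens on before relying on the range. If you know exactly which SHELLCODE signature is firing, a narrower option is a pass rule that carries that rule's own content match restricted to these ports, so the rest of the ruleset still inspects the BitTorrent sessions.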

