Snort mailing list archives

os x single user


From: Donna dm87 <dm87 () rogers com>
Date: Sat, 15 Nov 2003 13:34:40 -0500

Is it appropriate or desirable to run and learn Snort on my setup?

I am using Snort (installed with HenWen) on a Macintosh running OS X, a single-user machine and the only machine on my small home network that runs UNIX. The OS X machine has one NIC connected to cable and a second connected to a hub. All other machines are connected to the OS X machine by the hub. The OS X machine acts as a router. The router software is started up on a "need to" basis, which is seldom.

The OS X machine occasionally has Personal Web Sharing enabled, and I have Apache, MySQL and PHP installed for learning and testing purposes. When I do this, port 80 and port 427 are opened.

Since installing HenWen and Snort I have not enabled Personal Web Sharing, so any alerts are in an environment where the default OS X firewall is fully enabled.

There are quite a few alerts listed in the logs, mostly ICMP PING Cyberkit 2.2 Windows, which is likely some sort of virus or trojan query, from what I can gather.

Today I have noticed quite a few "ATTACK-RESPONCES id check returned root" (port 80), which sounded rather ominous to a beginner. My reading indicates that this could be a result of visiting certain web pages, particularly those dealing with security issues. That would make sense; I have been dithering about trying to find a toehold on understanding this stuff, and perhaps one of the sites I visited triggered this alert.

thanks
Donna dm87

