Snort mailing list archives

Re: Anyone have problems with aanval?


From: Nerijus Krukauskas <nkrukauskas () gmail com>
Date: Fri, 27 Jan 2006 10:00:32 +0200

On 27/01/06, Michael Scheidell <scheidell () secnap net> wrote:

> We traced a very large data transfer from the host we had running aanval
> to 82.165.229.52
>
> Interesting thing about that ip address:
> host www.aanval.com
> www.aanval.com is a nickname for aanval.com
> aanval.com has address 82.165.229.52
> aanval.com mail is handled (pri=10) by mail.aanval.com

  82.165.229.51 is also known as oad.aanval.com. OAD stands for
'Offender Analysis Database'. And the default install of the aanval console
sends lots of data to that database. In the aanval console go to Aanval ->
System Options -> Processor Options -> uncheck the 'Offender Analysis
Database' option -> press 'Update Options' -> see how the traffic to
oad.aanval.com stops.

  I suggest that you RTFM more prior to installing something. :)
Navigate yourself through
http://www.theadamsfamily.net/~erek/snort/drinking_game.txt and get a
headache in the morning (hint: I think this is answered in the
documentation, at least). :)

--
http://nk99.org/
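
One way to confirm that the traffic really stops after the option is unchecked, as an added example that is not part of the original message: sum payload bytes sent to the two addresses named in the thread from `tcpdump -nn -q` text output. The capture lines, the sensor address 192.0.2.10 and the destination port are constructed for illustration.

```python
import re
from collections import Counter

# Addresses named in the thread (aanval.com / oad.aanval.com).
WATCHED = {"82.165.229.51", "82.165.229.52"}

# Matches IPv4 lines as printed by `tcpdump -nn -q`, e.g.
# 10:00:01.000001 IP 192.0.2.10.43512 > 82.165.229.51.80: tcp 1448
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+: (?:tcp|UDP, length) (?P<len>\d+)"
)

def egress_bytes(lines, watched=WATCHED):
    """Sum payload bytes per (source, destination) for watched destinations."""
    totals = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["dst"] not in watched:
            continue  # ARP, IPv6, unparsed lines, or traffic to other hosts
        totals[(m["src"], m["dst"])] += int(m["len"])
    return totals

# Constructed capture taken with the 'Offender Analysis Database' option on.
BEFORE = """\
10:00:01.000001 IP 192.0.2.10.43512 > 82.165.229.51.80: tcp 1448
10:00:01.000150 IP 192.0.2.10.43512 > 82.165.229.51.80: tcp 1448
10:00:01.000300 IP 82.165.229.51.80 > 192.0.2.10.43512: tcp 0
10:00:02.100000 IP 192.0.2.10.53211 > 192.0.2.53.53: UDP, length 32
10:00:02.500000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
10:00:03.000000 IP 192.0.2.10.43512 > 82.165.229.51.80: tcp 604
""".splitlines()

# Constructed capture taken after unchecking the option.
AFTER = """\
10:05:01.000000 IP 192.0.2.10.53300 > 192.0.2.53.53: UDP, length 30
10:05:01.200000 IP 192.0.2.53.53 > 192.0.2.10.53300: UDP, length 46
""".splitlines()

if __name__ == "__main__":
    for label, capture in (("before", BEFORE), ("after", AFTER)):
        totals = egress_bytes(capture)
        print(label, dict(totals) or "no traffic to watched hosts")
```
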

