Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Weird double logging problem

From: Peter Bates <peter.bates () ucl ac uk>
Date: Wed, 19 Oct 2011 13:51:22 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 19/10/2011 13:42, Jason Wallace wrote:

There is a small difference in the time of those 2 alerts. I would
take a tcpdump of your test to make sure you really are not sending
2 requests. Especially since the file is not actually there.


I should have mentioned that I thought had excluded that possibility.

I'm running tcpdump on the 'wget' client machine and I can only see
one request.

I'm doing something similar on a different network and different
machine with 2.9.1.1 and not seeing the same result - the only
difference is the amount of traffic load.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOnsfJAAoJELhVoVpEMS6RP8gH/286h6CR7h0tbL+p11xyJKBx
nmxWBRvcm4BKuXldcFqxMiOQAwVb7MUg6k0vHaDQAKOZyT01fN/Wqg+2QXvaZHw3
7bhOEwInbZoWpmeCgiXk/2zBmZW9l77SehIi69Uq1oXOcvFweOhvE/R0sLFyOZJn
eaFNlVaEWGxvnXNAIsvNKs7EtsZyOX2dH0g1AyHeDQXXvQpezCDmurb+SyrJUZ4H
OiC59/1bTsXAbsZUt7fCRykk8rxMlkvH5Xb1Dh6TxC8I/540pJF5vqL50cJjwf/e
KgJVJOBuRGmpzIdv+IXwsZIy8o9SmAYFiE6DjeZu4q32dTcRpGGaj5DjCntr5Bg=
=MYRk
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: