Snort - Logging Doubts
Hi there.
I have snort working at home and have been receiving only responses like this:
12/24-11:52:51.973310 [**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**] {TCP} xxx.xxx.xxx.xxx:2223 -> 64.111.196.98:80
The problem is I did a portscan yesterday. Pinged the server and nothing of this nature is being logged. I´m running it as a service (snortd daemon), like squid, dhcpd, sshd, vsftpd etc...
|