LinuxQuestions.org - snort sig reporting 1:1113 a lot

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - snort sig reporting 1:1113 a lot (https://www.linuxquestions.org/questions/linux-security-4/snort-sig-reporting-1-1113-a-lot-337944/)

tuxmaster

06-28-2005 04:56 AM

snort sig reporting 1:1113 a lot

snort.org/pub-bin/sigs.cgi?sid=1%3A1113

How do i stop it from happening
also i want to log sucsessful attempts
that get though my firewall. How would i do that.
to do that would i log 127.0.0.1

:Pengy: :tisk:

Capt_Caveman

06-28-2005 11:02 PM

What is the source of the snort alerts, is it one of your hosts (a false positive) or just random IPs?

also i want to log sucsessful attempts that get though my firewall. How would i do that.
Snort has some capablilities for detecting succesfull attacks, however a layered defense is the best option, so using something like a tripwire, aide, or samhain in combination with snort is a good idea.

tuxmaster

06-28-2005 11:44 PM

I agree a layered defence is best
what ip or command option do i need to run snort with in order to log just log sucsessful attempts.

All times are GMT -5. The time now is 08:18 AM.