snort sig reporting 1:1113 a lot
snort.org/pub-bin/sigs.cgi?sid=1%3A1113
How do i stop it from happening also i want to log sucsessful attempts that get though my firewall. How would i do that. to do that would i log 127.0.0.1 :Pengy: :tisk: |
What is the source of the snort alerts, is it one of your hosts (a false positive) or just random IPs?
also i want to log sucsessful attempts that get though my firewall. How would i do that. Snort has some capablilities for detecting succesfull attacks, however a layered defense is the best option, so using something like a tripwire, aide, or samhain in combination with snort is a good idea. |
I agree a layered defence is best
what ip or command option do i need to run snort with in order to log just log sucsessful attempts. |
All times are GMT -5. The time now is 08:18 AM. |