NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Snort IDS> 2004-01

RE: [Snort-users] SUMMARY, CyberKit 2.2 Ping, its driven me Nuts..

From: Chris N (chris.northroppo.state.ct.us)
Date: Fri Jan 02 2004 - 10:09:14 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Simple, just set the source to $HOMENET. Since I don't expect a lot of
internal machines to become infected, thresholding wouldn't help me out to
much. If things change I could always play around with thresholding at later
time.

-----Original Message-----
From: Brice B [mailto:nestaiceburg.net]
Sent: Wednesday, December 31, 2003 6:21 PM
To: chris.northroppo.state.ct.us; snort-userslists.sourceforge.net
Subject: Re: [Snort-users] SUMMARY, CyberKit 2.2 Ping, its driven me
Nuts..

Chris,

would you mind telling us how you set it to alert only internal
Cyberkit/Nachi ping attempts? Did you use thresholding?

Regards,

Brice Burgess

Chris N wrote:

>Fellowship of the Snort,
>
>I guess I should have clarified that all the "CyberKit 2.2 Ping" alerts
were
>ingress only.
>
>Some of you guys suggested just removing the alert. Yes that would stop the
>chaos, but I didn't want to blind myself. Although, I do have to admit I
was
>leaning this way.
>
>With the advise from a few others I decided to keep the rule, but with a
>slight modification to alert me on egress only. I am only really concerned
>about systems within my network. Yes, keeping track of this traffic from
the
>outside would be a good idea, but in my environment its not feasible.
>Someday, when I'm questioned about the necessity of an IDS, I will switch
>this alert and a few others back to saturate, so as to subdue the
>misinformed.
>
>Thank you for your time
>Chris N.
>
>
>

-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]