|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Snort-users] any info about the interface
From: deny (deny
linux-pour-lesnuls.com)
Date: Fri Jan 16 2004 - 12:01:24 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
good afternoon all
i am a french snort newbie
and i search any info about snort interface with acid
my snort works as you can watch here
http://www.linux-pour-lesnuls.com/sec/acid/acid_main.php
first i see several alert
what do you mean "sensor " ?
here is the detail of one alert :
#0-(1-80) [snort] (http\_inspect) NON-RFC HTTP DELIMITER
2004-01-16 18:58:26 192.168.0.3:1133
192.190.109.20:80 TCP
192.168.0.3 is from my network
but why going to ip 192.109.20 is validing as an alert ?
an alert for me is anything which goes to my network , not from ?
thanks for your help
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]