[Snort-sigs] Snort logs
Bryan Irvine
bryan.irvine at ...1441...
Tue Apr 22 16:34:08 EDT 2003
Is there a way to get more info from the snort logs?
I got this:
###Begin paste###
[**] Virus - Possible NAIL Worm [**]
04/15-16:31:08.887271 207.109.73.101:110 -> 64.1.201.130:8136
TCP TTL:45 TOS:0x0 ID:38869 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B1C0E7A Ack: 0x2045F0E7 Win: 0x16D0 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
###End paste###
It shows someone on one of our networks downloading a potential virus from
our mail server.
But, since this firewall is running NAT, I don't know who.
Will snort run on more than one interface so I could track and see where it went
(for next time, I'm sure that info is lost this time)?
--Bryan